Installation: specify LUKS bit strength


 Is there any way to specify the bit strength for LUKS when one is installing OpenSUSE 11.4?  I've tried to find it (because imho 256 bit aes is a bit high for what little i do with my netbook) but I have not.  I was going to try to control+alt+F4 to a shell and create the partition setup and create the LUKS container and see if that works but in the past, trying that doesn't work either because 1) the installer doesn't ask for the LUKS password or 2) it asks, setup finishes normally, but yet I then get what seems to be random boot errors like some times the /home doesn't mount, sometimes the swap doesn't enable, etc.

Anyone care to give some input? I’ve been around and around the installer and can’t seem to find a way to do it.



I am using encryption. The overhead cost of the encryption seems small enough, that I don’t notice it, even on a slower system. I doubt that there is any point in using something weaker than 256 bit AES.

I haven’t tried that. However, if I use the installer it does ask for the encryption key for existing partitions. It asks just before it begins the partitioning section of the install. So perhaps you are doing that too late. Maybe after setting up the encryption as you want it, you should reboot and restart the install.

Well I’ve had issues where the installer does finish successfully but then at boot it won’t mount, etc. I have tried again (i.e. creating the luks container before booting the installer) so I have my fingers crossed (it’s installing right now).

As for the bit strength, on a slower/older/minimalist machine, I definitely notice the difference, especially when i encrypt everything but /boot as opposed to just swap and /home. This is an older netbook so it’s more noticeable…

Ok it worked, I guess it was a drive sync issue or something last time. But thanks!

Bump. I think giving users the ability to specify the strength and type of encryption during would be a very good addition to the installer. However, yes, I recognize that someone advanced enough to understand the inner workings of this will probably also have the technical skills to do it themselves…

Case in point, this is why. Open SuSE 11.4’s installer changes stuff. I told it to unlock, not alter, the LUKS partition on my netbook (atom N270, 2GB RAM, 16GB SSD PATA) that I created specifically with 128bit aes-cbc-essiv. But lo and behold, upon reboot luksDump reports a 256bit key. No offense but 256 bit encryption in LUKS on that minimal a computer is a bit excessive, much less I am not storing anything so secret as to require anything above 128bit.

Please, someone add a feature to the installer so we can specify at least bit strength of encryption. Now I have to either reinstall and/or figure out a way to perform “brain surgery” on this thing by moving the partitions off and then back on after changing (reformatting) LUKS on sda2 (and this is a “fully encrypted” install so hopefully all goes well).

On 2011-11-12 14:56, radelahunt wrote:

> Please, someone add a feature to the installer so we can specify at

No one here. Devs seldom, if at all, read the forum.

Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

On Sat, 12 Nov 2011 13:56:52 +0000, radelahunt wrote:

> Please, someone add a feature to the installer so we can specify at
> least bit strength of encryption.

Feature enhancements are best recorded at openFATE, which is the feature
request system. :slight_smile:


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at