Skip to content

Instantly share code, notes, and snippets.

@palopezv
Last active May 18, 2024 12:44
Show Gist options
  • Save palopezv/792b9f0100484186c3f74cbee7b07630 to your computer and use it in GitHub Desktop.
Save palopezv/792b9f0100484186c3f74cbee7b07630 to your computer and use it in GitHub Desktop.
How to create a LUKS partition encrypted with Adiantum, ideal for low end and older devices/computers

How to create a LUKS partition encrypted with the Adiantum scheme

Important note

  • Sector size and key size are fixed, you cannot change them!
  • You can play with the hash but using less than sha256 is irresponsible!
  • You can convert an already existing luks2 partition with cryptsetup(8).

Very low end devices or computers (say, an old Pentium, Celeron, Raspberry Pi or older SoC)

cryptsetup luksFormat --type luks2 \
--sector-size 4096 \
--cipher xchacha12,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>

cryptsetup reencrypt \
--sector-size=4096 \
--cipher xchacha12,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>

Low end devices or computers (say, a Core 2 Duo, a smartphone post 2016)

cryptsetup luksFormat --type luks2 \
--sector-size 4096 \
--cipher xchacha20,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>

cryptsetup reencrypt \
--sector-size=4096 \
--cipher xchacha20,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment