# [solved] LUKS and the first good mode: LRW

## lagalopex

Hi!

I read something about the LRW-AES (Liskov, Rivest, Wagner - Advanced Encryption Standard) mode. It is the first really good mode, as its fast and much more secure than the others.

As its in the kernel since 2.6.20 I wanted to give it a try.

I loaded everything:

```
# lsmod

Module                  Size  Used by

lrw                     5120  0

blkcipher               6912  1 lrw

gf128mul                9088  1 lrw

cryptomgr               3968  0

dm_crypt               15248  0

aes                    27200  0

crypto_algapi          15040  3 lrw,cryptomgr,aes

...

# cat /proc/crypto

name         : lrw(aes)

driver       : lrw(aes-generic)

module       : lrw

priority     : 100

refcnt       : 1

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

name         : aes

driver       : aes-generic

module       : aes

priority     : 100

refcnt       : 1

type         : cipher

blocksize    : 16

min keysize  : 16

max keysize  : 32
```

So it should work. I made a image and bound it to /dev/loop0.

Then I ran

```
# cryptsetup -c aes-lrw-benbi -y -s 384 luksFormat /dev/loop0

WARNING!

========

This will overwrite data on /dev/loop0 irrevocably.

Are you sure? (Type uppercase yes): YES

Enter LUKS passphrase:

Verify passphrase:

Command successful.

# cryptsetup luksOpen /dev/loop0 test

Enter LUKS passphrase:

key slot 0 unlocked.

Enter LUKS passphrase:

key slot 0 unlocked.

Enter LUKS passphrase:

key slot 0 unlocked.

Command failed: device-mapper: reload ioctl failed: Invalid argument

# dmesg

...

device-mapper: table: device /dev/loop0 too small for target

device-mapper: table: 253:0: crypt: Device lookup failed

device-mapper: ioctl: error adding target to table

device-mapper: ioctl: device doesn't appear to be in the dev hash table.
```

I also tried it with a real partition, but it fails with the same problem...

Its a amd64 system with sys-kernel/gentoo-sources-2.6.20-r8 and sys-fs/cryptsetup-luks-1.0.4-r3.

In the german gentoo-wiki it warns you about the not fully implemented lrw-mode... buts its dated march 2006! And LRW now in 2.6.20, supported by cryptsetup-luks? mentions the same problem, fixed by lowering the key...

And in a ubuntu forum I read about the success with feisty (kernel 2.6.20 and above).

----------

## lagalopex

Well, I now tried the version 1.0.5 (not yet in portage, also released on may the 6th...) and it worked.

----------

## kernelOfTruth

yeah, they have made it the default for their feisty full system encryption how-tos, so it should be save,

trying it out right now & it feels faaaaaaaaaaaaassst  :Razz: 

----------

