If your plain dm-crypt partition failed to decrypt after upgrade

Mar 16, 2024 Comments trick-share

If your plain dm-crypt partition failed to decrypt after upgrade, with the following error message:

WARNING: using default options for hash (sha256) that could be incompatible with old versions.

This is the solution.

Root Cause

After upgrading cryptsetup from 2.6.1 to 2.7.0, the default hash algorithm for plain mode changed from ripemd160 to sha256. Ref: https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-rc0-ReleaseNotes

Solution

If you are using cryptsetup command line, please add --hash ripemd160. If you are mounting with kernel parameter, please use crypto=ripemd160:<YourAlgorithm>:<YourKeySize>:<YourOffset>:.

Tags:
recolic

recolic

Enjoy opensource, enjoy linux, enjoy C++, enjoy life. https://github.com/recolic https://git.recolic.net/root

Share

Leave a Reply

Recent Comments