palopezv/adiantum-encryption-how-to.md

Last active May 2, 2026 16:45

Star (7) You must be signed in to star a gist
Fork (2) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/palopezv/792b9f0100484186c3f74cbee7b07630.js"></script>
Save palopezv/792b9f0100484186c3f74cbee7b07630 to your computer and use it in GitHub Desktop.

Download ZIP

How to create a LUKS partition encrypted with Adiantum, ideal for low end and older devices/computers

Raw

adiantum-encryption-how-to.md

How to create a LUKS partition encrypted with the Adiantum scheme

Important note

Sector size and key size are fixed, you cannot change them!
You can play with the hash but using less than sha256 is irresponsible!
You can convert an already existing luks2 partition with cryptsetup(8).

Very low end devices or computers (say, an old Pentium, Celeron, Raspberry Pi or older SoC)

cryptsetup luksFormat --type luks2 \
--sector-size 4096 \
--cipher xchacha12,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>

cryptsetup reencrypt \
--sector-size=4096 \
--cipher xchacha12,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>

Low end devices or computers (say, a Core 2 Duo, a smartphone post 2016)

cryptsetup luksFormat --type luks2 \
--sector-size 4096 \
--cipher xchacha20,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>

cryptsetup reencrypt \
--sector-size=4096 \
--cipher xchacha20,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>

Artoria2e5 commented Nov 2, 2025

No need to differentiate as xchacha12 is (for now) known to be as safe, has plenty of margins. Might as well be faster.

o-alquimista commented May 1, 2026 •

edited

Loading

I see that you specify a sector size of 4096. Isn't it only suitable for those disks that use 4k-sized sectors? For example, mine reports only 512.

After fiddling with sector alignment to make the size of a partition (in sectors) a multiple of 8, cryptsetup is able to encrypt in 4k. While it seems to work, and the partition is later formatted and mounted without any noticeable issues, I wonder if this is really a good idea. I still get some warnings when I run fdisk -l (on Alpine Linux):

Disk /dev/dm-0: 58 GB, 61973987328 bytes, 121042944 sectors
941 cylinders, 255 heads, 63 sectors/track
Units: sectors of 1 * 4096 = 4096 bytes

Disk /dev/dm-0 doesn't contain a valid partition table
Note: sector size is 4096 (not 512)

CORRECTION: The error above is also happening with a sector size of 512, so it's not related to 4k sector size.

palopezv/adiantum-encryption-how-to.md

Select an option

No results found

Select an option

No results found

How to create a LUKS partition encrypted with the Adiantum scheme

Important note

Very low end devices or computers (say, an old Pentium, Celeron, Raspberry Pi or older SoC)

Low end devices or computers (say, a Core 2 Duo, a smartphone post 2016)

Artoria2e5 commented Nov 2, 2025

Uh oh!

o-alquimista commented May 1, 2026 •

edited

Loading

Uh oh!

palopezv/adiantum-encryption-how-to.md

How to create a LUKS partition encrypted with the Adiantum scheme

Important note

Very low end devices or computers (say, an old Pentium, Celeron, Raspberry Pi or older SoC)

Low end devices or computers (say, a Core 2 Duo, a smartphone post 2016)

Artoria2e5 commented Nov 2, 2025

Uh oh!

o-alquimista commented May 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

o-alquimista commented May 1, 2026 •

edited

Loading