Cryptsetup won't open container after update

I upgraded Fedora recently to F40. My cryptsetup no longer would open a container created on an earlier Fedora release (F38, for example).

Do not fret.

The reason is that cryptsetup version 2.7.x changed default hash algorithm for plain encryption. And it suggests now to specify the exact hash you want to use to encrypt your key (if not from a key-file) when creating/opening an encrypted device.

I didn’t bother even checking what the default hash algo cryptsetup was using before. You can downgrade easily with Fedora to a 2.6.x version (or whatever it was) and open your old encrypted devices. Then you can recreate it with whichever version adding --hash= option during open - and that will solve your problem and avoid any ambiguity when dealing with plain encryption. This is actually more secure because what the default hash algo was is something of a security risk.

1 Like