diff --git a/ChangeLog b/ChangeLog
index 34dedf5f..b17e7b5e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 2009-08-17  Milan Broz  <mbroz@redhat.com>
 	* Fix PBKDF2 speed calculation for large passhrases.
 	* Allow using passphrase provided in options struct for LuksOpen.
+	* Allow restrict keys size in LuksOpen.
 
 2009-07-30  Milan Broz  <mbroz@redhat.com>
 	* Fix errors when compiled with LUKS_DEBUG.
diff --git a/lib/setup.c b/lib/setup.c
index 12769cff..03d58ed4 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -560,7 +560,7 @@ start:
 		password = safe_alloc(passwordLen + 1);
 		strncpy(password, options->passphrase, passwordLen + 1);
 		tries = 0;
-	} else if(get_key(prompt, &password, &passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags))
+	} else if(get_key(prompt, &password, &passwordLen, options->key_size, options->key_file, options->passphrase_fd, options->timeout, options->flags))
 		tries--;
 	else
 		tries = 0;
diff --git a/man/cryptsetup.8 b/man/cryptsetup.8
index a1c516ec..d76002b1 100644
--- a/man/cryptsetup.8
+++ b/man/cryptsetup.8
@@ -110,7 +110,9 @@ If the key file is "-", stdin will be used. This is different from how cryptsetu
 For LUKS operations that add key material, this options allows to you specify which key slot is selected for the new key. This option can be used for \fIluksFormat\fR and \fIluksAddKey\fR.
 .TP
 .B "\-\-key-size, \-s"
-set key size in bits. Has to be a multiple of 8 bits. The key size is limited by the used cipher. See output of /proc/crypto for more information. Can be used for \fIcreate\fR or \fIluksFormat\fR, all other LUKS actions will ignore this flag, as the key-size is specified by the partition header. Default is 128 for \fIluksFormat\fR and 256 for \fIcreate\fR.
+set key size in bits. Has to be a multiple of 8 bits. The key size is limited by the used cipher. See output of /proc/crypto for more information. Can be used for \fIcreate\fR or \fIluksFormat\fR, all other LUKS actions will use key-size specified by the LUKS header. Default is 128 for \fIluksFormat\fR and 256 for \fIcreate\fR.
+
+For \fIluksOpen\fR this option specifies number of bits read from the key-file (default is exhaustive read from key-file).
 .TP
 .B "\-\-size, \-b"
 force the size of the underlying device in sectors.
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 075a12a8..ea3afd44 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -291,6 +291,7 @@ static int action_luksOpen(int arg)
 		.name = action_argv[1],
 		.device = action_argv[0],
 		.key_file = opt_key_file,
+		.key_size = opt_key_file ? (opt_key_size / 8) : 0, /* limit bytes read from keyfile */
 		.timeout = opt_timeout,
 		.tries = opt_tries,
 		.icb = &cmd_icb,