Comment 13 for bug 474258

Another alternative (besides using a file on some fs) would be using LVM volumes, and not resolving the related symlinks.
Then /etc/crypttab would look something like:
cryptswap1 /dev/mapper/swap-swap_1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

where /dev/mapper/swap-swap_1 is a symlink maintained by device mapper. It should NOT be resolved to target of the symlink (like /dev/dm-1) before writing to crypttab, since target of that symlink is dynamic.