Package: release-notes Severity: normal Hi,
cryptsetup ≥2:2.7.0~ has new default default cipher and password hashing algorithms for plain mode, which might break some existing setups and therefore should be mentioned in the release notes. The following text from cryptsetup=2:2.7.0~rc0-1's NEWS entry can probably be copied verbatim. --8<--------------------------------------------------------------------->8-- Default cipher and password hashing for plain mode have respectively been changed to aes-xts-plain64 and sha256 (from aes-cbc-essiv:sha256 resp. ripemd160). The new values matches what is used for LUKS, but the change does NOT affect LUKS volumes. This is a backward incompatible change for plain mode when relying on the defaults, which (for plain mode only) is strongly advised against. For many releases the Debian wrappers found in the ‘cryptsetup’ binary package have spewed a loud warning for plain devices from crypttab(5) where ‘cipher=’ or ‘hash=’ are not explicitly specified. The cryptsetup(8) executable now issue such a warning as well. --8<--------------------------------------------------------------------->8-- -- Guilhem.
signature.asc
Description: PGP signature
