On Sat, 12 Jul 2025 at 18:22:56 +0100, Richard Lewis wrote:
> On Sat, 12 Jul 2025 at 15:21, Guilhem Moulin <guil...@debian.org> wrote:
>>
>> On Sat, 12 Jul 2025 at 14:52:13 +0100, Richard Lewis wrote:
>>> I think what i understand from this (which may be very wrong) is:
>>>
>>> The default settings for LUKS filesystems (see crypttab(5)) have
>>> changed to improve security, which may cause issues if you did not
>>
>> No, the new defaults affect plain dm-crypt devices only (aka plain
>> mode). Algorithms for LUKS remain unchanged for Bookworm → Trixie.
>
> aha -- i had not understood that there was a difference, so i have
> learned something (not least what a terrible design decision was made
> with plain-mode!).

It doesn't belong to the release notes, but FWIW in upstream's defense,
LUKS is merely a metadata layer above plain mode in a way, which in turn
merely exposes to userspace dm-crypt capabilities from the kernel. The
default algorithms used to be the same for all modes, and upstream
upgraded them for LUKS some releases ago, but until now had held it back
for plain to avoid backward incompatibility. So I think “terrible design
decision” is a bit harsh.

> I think the version below might be more accurate --
> but can we tell people to record the keysize while we are at it -
> crypttab(5) mentions this is also needed, but doesn't give any hints as
> to the default values themselves! even though keysize did not change
> in trixie, telling people to add it now may avoid future issues
> (assuming anyone reads the release-notes)

Fair point, the default is size=256 both for ≤bookworm and trixie. The
corresponding cryptsetup(8) option is `--key-size 256`. Both crypttab(5)
parsing and the cryptsetup(8) binary spew a warning (with the default
size) if the key size is unspecified, but it doesn't hurt to spell it
out in the release notes indeed.

> change to default encryption settings for plain-mode dm-crypt devices
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> The default settings for ``dm-crypt`` devices created using
> ``plain``-mode encryption (see :url-man-stable:`crypttab(5)`) have
> changed to improve security. This will cause problems if you did not
> record the settings used in ``/etc/crypttab``. The only recommended
> way to configure plain-mode devices is to record the ``cipher``,
> ``hash`` and ``keysize`` options in ``/etc/crypttab``, but it is

keysize → size (for historical reasons)

> possible to rely on `cryptsetup` using default values. Because the
> default values for cipher and hash algorithm have changed in trixie,
> such poorly-configured devices will not be accessible until you
> properly configure them.

I'd suggest saying that this will yield random-looking devices rather
than making them “not accessible”. That way the reader can decide
whether that's a regression (for a device holding a file system or
something) or whether it can wait.

> This does not apply to LUKS devices because LUKS records the settings
> in the device itself.
>
> To properly configure your plain-mode devices, assuming they were
> created with the bookworm defaults, you should add
> ``cipher=aes-cbc-essiv:sha256,hash=ripemd160`` to ``/etc/crypttab``.

…,size=256

> To access such devices with ``cryptsetup`` on the command line you can
> use ``--cipher aes-cbc-essiv:sha256 --hash ripemd160``. Debian

… --key-size 256

> recommends you do not use plain mode for non-transient devices, and
> that if you do use them, you should explicitly record all the
> encryption settings used in ``/etc/crypttab``. The new defaults are
> ``cipher=aes-xts-plain64,hash=sha256``.

FWIW technically specifying the hash is not needed when a key file is
used, but it doesn't hurt to have it in that case (it's ignored) so it's
probably not worth spelling out the full logic in the release notes.

Thanks!
-- 
Guilhem.
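As an added illustration that is not part of the thread or of the cryptsetup package: a small POSIX shell check that finds the crypttab entries the discussion is about, i.e. plain-mode entries that rely on cryptsetup's defaults for cipher, hash or size. The crypttab content and the function name are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: flag /etc/crypttab entries that use
# plain mode (no LUKS header on disk) and rely on cryptsetup's defaults for
# cipher, hash or size. Those are the entries that the trixie default
# change turns into random-looking devices.

# Constructed sample crypttab for demonstration; not a real system's file.
SAMPLE_CRYPTTAB='# <target> <source> <key file> <options>
cswap /dev/sda3 /dev/urandom swap,plain,cipher=aes-cbc-essiv:sha256,hash=ripemd160,size=256
ctmp  /dev/sda4 /dev/urandom tmp,plain
cdata /dev/sda5 none         luks
cold  /dev/sda6 none         plain,cipher=aes-cbc-essiv:sha256'

# Print "<target> missing=<options>" for each entry that relies on defaults.
# Entries with a luks/tcrypt/bitlk mode option are skipped: those formats
# store their parameters on disk. Everything else is treated as plain mode
# (either explicitly, or via cryptsetup's fallback when no LUKS header is
# found). "hash" is only required for a passphrase (key file "none"); with
# a key file the hash option is ignored, as noted in the thread.
audit_plain_entries() {
    printf '%s\n' "$1" | while read -r target device keyfile options; do
        case "$target" in ''|'#'*) continue ;; esac
        case ",$options," in *,luks,*|*,tcrypt,*|*,bitlk,*) continue ;; esac
        missing=''
        case ",$options," in *,cipher=*) ;; *) missing="${missing}cipher," ;; esac
        if [ "$keyfile" = none ]; then
            case ",$options," in *,hash=*) ;; *) missing="${missing}hash," ;; esac
        fi
        case ",$options," in *,size=*) ;; *) missing="${missing}size," ;; esac
        if [ -n "$missing" ]; then
            printf '%s missing=%s\n' "$target" "${missing%,}"
        fi
    done
}

audit_plain_entries "$SAMPLE_CRYPTTAB"
```

On a real system, `audit_plain_entries "$(cat /etc/crypttab)"` lists the entries that should get explicit `cipher=`, `hash=` and `size=` options before the upgrade.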