"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/docs/v1.6.5-ReleaseNotes" (28 Jun 2014, 2479 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 Cryptsetup 1.6.5 Release Notes
    2 ==============================
    3 
    4 Changes since version 1.6.4
    5 
    6 * Allow LUKS header operation handling without requiring root privilege.
    7   It means that you can manipulate with keyslots as a regular user, only
    8   write access to device (or image) is required.
    9 
   10   This requires kernel crypto wrapper (similar to TrueCrypt device handling)
   11   to be available (CRYPTO_USER_API_SKCIPHER kernel option).
   12   If this kernel interface is not available, code fallbacks to old temporary
   13   keyslot device creation (where root privilege is required).
   14 
   15   Note that activation, deactivation, resize and suspend operations still
   16   need root privilege (limitation of kernel device-mapper backend).
   17 
   18 * Fix internal PBKDF2 key derivation function implementation for alternative
   19   crypto backends (kernel, NSS) which do not support PBKDF2 directly and have
   20   issues with longer HMAC keys.
   21 
   22   This fixes the problem for long keyfiles where either calculation is too slow
   23   (because of internal rehashing in every iteration) or there is a limit
   24   (kernel backend seems to not support HMAC key longer than 20480 bytes).
   25 
   26   (Note that for recent version of gcrypt, nettle or openssl the internal
   27   PBKDF2 code is not compiled in and crypto library internal functions are
   28   used instead.)
   29 
   30 * Support for Python3 for simple Python binding.
   31   Python >= 2.6 is now required. You can set Python compiled version by setting
   32   --with-python_version configure option (together with --enable-python).
   33 
   34 * Use internal PBKDF2 in Nettle library for Nettle crypto backend.
   35   Cryptsetup compilation requires Nettle >= 2.6 (if using Nettle crypto backend).
   36 
   37 * Allow simple status of crypt device without providing metadata header.
   38   The command "cryptsetup status" will print basic info, even if you
   39   do not provide detached header argument.
   40 
   41 * Allow to specify ECB mode in cryptsetup benchmark.
   42 
   43 * Add some LUKS images for regression testing.
   44   Note that if image with Whirlpool fails, the most probable cause is that
   45   you have old gcrypt library with flawed whirlpool hash.
   46   Read FAQ section 8.3 for more info.
   47 
   48 Cryptsetup API NOTE:
   49 The direct terminal handling for passphrase entry will be removed from
   50 libcryptsetup in next major version (application should handle it itself).
   51 
   52 It means that you have to always either provide password in buffer or set
   53 your own password callback function trhough crypt_set_password_callback().
   54 See API documentation (or libcryptsetup.h) for more info.