"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/docs/v2.0.2-ReleaseNotes" (24 Jul 2021, 4167 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 Cryptsetup 2.0.2 Release Notes
    2 ==============================
    3 Stable and bug-fix release with experimental features.
    4 
    5 Cryptsetup 2.x version introduces a new on-disk LUKS2 format.
    6 
    7 The legacy LUKS (referenced as LUKS1) will be fully supported
    8 forever as well as a traditional and fully backward compatible format.
    9 
   10 Please note that authenticated disk encryption, non-cryptographic
   11 data integrity protection (dm-integrity), use of Argon2 Password-Based
   12 Key Derivation Function and the LUKS2 on-disk format itself are new
   13 features and can contain some bugs.
   14 
   15 To provide all security features of authenticated encryption, we need
   16 a better nonce-reuse resistant algorithm in the kernel (see note below).
   17 For now, please use authenticated encryption as an experimental feature.
   18 
   19 Please do not use LUKS2 without properly configured backup or in
   20 production systems that need to be compatible with older systems.
   21 
   22 Changes since version 2.0.1
   23 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
   24 
   25 * Fix a regression in early detection of inactive keyslot for luksKillSlot.
   26   It tried to ask for passphrase even for already erased keyslot.
   27 
   28 * Fix a regression in loopaesOpen processing for keyfile on standard input.
   29   Use of "-" argument was not working properly.
   30 
   31 * Add LUKS2 specific options for cryptsetup-reencrypt.
   32   Tokens and persistent flags are now transferred during reencryption;
   33   change of PBKDF keyslot parameters is now supported and allows
   34   to set precalculated values (no benchmarks).
   35 
   36 * Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags
   37   combination. Persistent flags are now stored only if the device was
   38   successfully activated with the specified flags.
   39 
   40 * Fix integritysetup format after recent Linux kernel changes that
   41   requires to setup key for HMAC in all cases.
   42   Previously integritysetup allowed HMAC with zero key that behaves
   43   like a plain hash.
   44 
   45 * Fix VeraCrypt PIM handling that modified internal iteration counts
   46   even for subsequent activations. The PIM count is no longer printed
   47   in debug log as it is sensitive information.
   48   Also, the code now skips legacy TrueCrypt algorithms if a PIM
   49   is specified (they cannot be used with PIM anyway).
   50 
   51 * PBKDF values cannot be set (even with force parameters) below
   52   hardcoded minimums. For PBKDF2 is it 1000 iterations, for Argon2
   53   it is 4 iterations and 32 KiB of memory cost.
   54 
   55 * Introduce new crypt_token_is_assigned() API function for reporting
   56   the binding between token and keyslots.
   57 
   58 * Allow crypt_token_json_set() API function to create internal token types.
   59   Do not allow unknown fields in internal token objects.
   60 
   61 * Print message in cryptsetup that about was aborted if a user did not
   62   answer YES in a query.
   63 
   64 Unfinished things & TODO for next releases
   65 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   66 * There will be better documentation and examples.
   67 
   68 * There will be some more formal definition of the threat model for integrity
   69   protection. (And a link to some papers discussing integrity protection,
   70   once it is, hopefully, accepted and published.)
   71 
   72 * Authenticated encryption will use new algorithms from CAESAR competition
   73   https://competitions.cr.yp.to/caesar-submissions.html.
   74   We plan to use AEGIS and MORUS, as CAESAR finalists.
   75 
   76   NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305)
   77   in the kernel have too small 96-bit nonces that are problematic with
   78   randomly generated IVs (the collision probability is not negligible).
   79 
   80 * Authenticated encryption do not set encryption for a dm-integrity journal.
   81 
   82   While it does not influence data confidentiality or integrity protection,
   83   an attacker can get some more information from data journal or cause that
   84   system will corrupt sectors after journal replay. (That corruption will be
   85   detected though.)
   86 
   87 * There are examples of user-defined tokens inside misc/luks2_keyslot_example
   88   directory (like a simple external program that uses libssh to unlock LUKS2
   89   using remote keyfile).
   90 
   91 * The python binding (pycryptsetup) contains only basic functionality for LUKS1
   92   (it is not updated for new features) and will be deprecated in version 2.1
   93   in favor of python bindings to the libblockdev library.