Hi Jonas.

On Fri, 2013-06-28 at 21:57 +0200, Jonas Meurer wrote:
> I don't get it. Do you even check the things you claim before sending
> bugreports?
Sure ;-)


> Defaults for plain dm-crypt devices didn't change within the
> last releases.
Yeah I saw that... but the reason for that, as Milan laid out, is
backwards compatibility, right?
So that means we need to keep the "old" settings in cryptsetup (binary)
and in the scripts where you auto-set-up devices...

But IMHO we could change any recipes (because for new setups,... nothing
should prevent people from using the "better" modes with plain).


$ aptitude download cryptsetup
Get: 1 http://ftp.de.debian.org/debian/ unstable/main cryptsetup amd64 2:1.6.1-1 [150 kB]
Fetched 150 kB in 0s (361 kB/s)
$ dpkg-deb -x cryptsetup_2%3a1.6.1-1_amd64.deb .

Then:
$ zgrep -r essiv * | grep essiv
usr/share/doc/cryptsetup/README.Debian.gz:cswap1                /dev/hda9       /dev/urandom    swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
usr/share/doc/cryptsetup/README.initramfs.gz:  cryptroot /dev/hda2 none cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
usr/share/doc/cryptsetup/README.initramfs.gz:cryptswap /dev/hda2 cryptroot cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,keyscript=/lib/cryptsetup/scripts/decrypt_derived,swap
usr/share/doc/cryptsetup/README.initramfs.gz:cryptroot /dev/hda2 /dev/disk/by-label/myusbkey:/keys/root.key cipher=aes-cbc-essiv:sha256,size=256,hash=plain,keyscript=/lib/cryptsetup/scripts/passdev
usr/share/man/man5/crypttab.5.gz:cswap /dev/sda6 /dev/urandom cipher=aes\-cbc\-essiv:sha256,hash=ripemd160,size=256,swap
usr/share/man/man5/crypttab.5.gz:cdisk1 /dev/sda2 none cipher=aes\-cbc\-essiv:sha256,hash=ripemd160,size=256,checkargs=ext4,tries=5
usr/share/man/man5/crypttab.5.gz:cdisk2 /dev/hdc1 none cipher=aes\-cbc\-essiv:sha256,hash=ripemd160,size=256,check=customscript,tries=1
(I've removed all matches from changelogs, release notes and NEWS.
Further, I removed the match from cryptroot, because this needs to stay
the same for backward compatibility reasons too.)

But all the above matches are, AFAICS, examples of how users could set
up their swap, etc. pp., right?


If you agree that we can/should change these... I can make a patch.


Chris.
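
An added example, not part of the original mail or of the cryptsetup package: a small Python check that lists crypttab entries which still set a CBC-ESSIV cipher for a plain dm-crypt device. It assumes that an entry without the `luks` option is a plain device (with `luks`, crypttab's cipher=, size= and hash= are ignored), and it unescapes the `\-` hyphens seen in the crypttab.5 matches; the function names and the last two sample entries are constructed.

```python
# Constructed sample: the first two entries are quoted from the zgrep output
# above (the second keeps the man page's escaped hyphens); the last two are
# made up for this example.
SAMPLE = r"""
# <target> <source> <key file> <options>
cswap1 /dev/hda9 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
cdisk1 /dev/sda2 none cipher=aes\-cbc\-essiv:sha256,hash=ripemd160,size=256,checkargs=ext4,tries=5
cdata /dev/sdb1 none luks,cipher=aes-cbc-essiv:sha256
cnew /dev/sdc1 none cipher=aes-xts-plain64,size=512,hash=sha256
"""


def parse_crypttab(text):
    """Yield (name, device, keyfile, options) for each crypttab entry."""
    for raw in text.splitlines():
        # roff sources such as crypttab.5 write hyphens as "\-"
        line = raw.replace("\\-", "-").strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # not a complete entry
        options = {}
        if len(fields) > 3:
            for item in fields[3].split(","):
                key, _, value = item.partition("=")
                options[key] = value  # flag options such as "swap" map to ""
        yield fields[0], fields[1], fields[2], options


def cbc_essiv_plain_entries(text):
    """Return (name, cipher) for plain-mode entries that use CBC-ESSIV."""
    hits = []
    for name, _device, _keyfile, options in parse_crypttab(text):
        if "luks" in options:
            continue  # assumption: cipher= is ignored for LUKS entries
        cipher = options.get("cipher", "")
        if "cbc-essiv" in cipher:
            hits.append((name, cipher))
    return hits


if __name__ == "__main__":
    for name, cipher in cbc_essiv_plain_entries(SAMPLE):
        print(f"{name}: plain device with cipher={cipher}")
```
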
