Hi Jonas.

On Fri, 2013-06-28 at 21:57 +0200, Jonas Meurer wrote:
> I don't get it. Do you even check the things you claim before sending
> bugreports?

Sure ;-)

> Defaults for plain dm-crypt devices didn't change within the
> last releases.

Yeah I saw that... but the reason for that, as Milan laid out is backwards compatibility, right?
So that means we need to keep the "old" settings in cryptsetup (binary) and in the scripts where you auto-set-up devices...

But IMHO we could change any recipes (because for new setups,... nothing should prevent people to use the "better" modes with plain).

$ aptitude download cryptsetup
Get: 1 http://ftp.de.debian.org/debian/ unstable/main cryptsetup amd64 2:1.6.1-1 [150 kB]
Fetched 150 kB in 0s (361 kB/s)
$ dpkg-deb -x cryptsetup_2%3a1.6.1-1_amd64.deb .

Then:

$ zgrep -r essiv * | grep essiv
usr/share/doc/cryptsetup/README.Debian.gz:cswap1 /dev/hda9 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
usr/share/doc/cryptsetup/README.initramfs.gz: cryptroot /dev/hda2 none cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
usr/share/doc/cryptsetup/README.initramfs.gz:cryptswap /dev/hda2 cryptroot cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,keyscript=/lib/cryptsetup/scripts/decrypt_derived,swap
usr/share/doc/cryptsetup/README.initramfs.gz:cryptroot /dev/hda2 /dev/disk/by-label/myusbkey:/keys/root.key cipher=aes-cbc-essiv:sha256,size=256,hash=plain,keyscript=/lib/cryptsetup/scripts/passdev
usr/share/man/man5/crypttab.5.gz:cswap /dev/sda6 /dev/urandom cipher=aes\-cbc\-essiv:sha256,hash=ripemd160,size=256,swap
usr/share/man/man5/crypttab.5.gz:cdisk1 /dev/sda2 none cipher=aes\-cbc\-essiv:sha256,hash=ripemd160,size=256,checkargs=ext4,tries=5
usr/share/man/man5/crypttab.5.gz:cdisk2 /dev/hdc1 none cipher=aes\-cbc\-essiv:sha256,hash=ripemd160,size=256,check=customscript,tries=1

(I've removed all matches from changelogs, release notes and NEWS. Further I removed the match from cryptroot,.. because this needs to stay the same for backward compatibility reasons too.)

But all the above matches are, AFAICS, examples on how users could set up their swap, etc. pp. right?

If you agree that we can/should change these... I can make a patch.

Chris.

