Package: tomb
Version: 2.5+dfsg1-2
Severity: normal
Tags: upstream

Dear Maintainer,
The default cipher is not accepted by cryptsetup any more.

Locking a freshly digged tomb by

    $ tomb lock -k x.key x.tomb

fails with

    [...]
    tomb [W] cryptsetup luksFormat returned an error.
    tomb [E] Operation aborted.

According to https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt the default
cipher "aes-xts-plain64:sha256" is not valid. ":sha256" only goes with "aes-
cbc-essiv:sha256". The valid cipher would be "aes-xts-plain64".

Locking the tomb specifying the valid cipher on the command line works

    $ tomb lock -k x.key -o aes-xts-plain64 x.tomb

    [...]
    tomb  .  Done locking x using Luks dm-crypt aes-xts-plain64
    tomb (*) Your tomb is ready in x.tomb and secured with key x.key

"aes-xts-plain64:sha256" should be corrected to "aes-xts-plain64" in
/usr/bin/tomb and the manpage.



-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages tomb depends on:
ii  cryptsetup-bin              2:2.1.0-5
ii  e2fsprogs                   1.44.5-1
ii  gnupg                       2.2.12-1
ii  pinentry-gnome3 [pinentry]  1.1.0-2
ii  sudo                        1.8.27-1
ii  zsh                         5.7.1-1

tomb recommends no packages.

tomb suggests no packages.

-- no debconf information

Reply via email to