Package: tomb Version: 2.5+dfsg1-2 Severity: normal Tags: upstream Dear Maintainer,
The default cipher is not accepted by cryptsetup any more. Locking a freshly digged tomb by $ tomb lock -k x.key x.tomb fails with [...] tomb [W] cryptsetup luksFormat returned an error. tomb [E] Operation aborted. According to https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt the default cipher "aes-xts-plain64:sha256" is not valid. ":sha256" only goes with "aes- cbc-essiv:sha256". The valid cipher would be "aes-xts-plain64". Locking the tomb specifying the valid cipher on the command line works $ tomb lock -k x.key -o aes-xts-plain64 x.tomb [...] tomb . Done locking x using Luks dm-crypt aes-xts-plain64 tomb (*) Your tomb is ready in x.tomb and secured with key x.key "aes-xts-plain64:sha256" should be corrected to "aes-xts-plain64" in /usr/bin/tomb and the manpage. -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tomb depends on: ii cryptsetup-bin 2:2.1.0-5 ii e2fsprogs 1.44.5-1 ii gnupg 2.2.12-1 ii pinentry-gnome3 [pinentry] 1.1.0-2 ii sudo 1.8.27-1 ii zsh 5.7.1-1 tomb recommends no packages. tomb suggests no packages. -- no debconf information