Nice! Compiles cleanly on my box and all checks are successful.
This is Debian "squeeze" 64 bit with a self-compiled kernel
3.4.25 from kernel.org.

I am also preparing an FAQ entry that recaps the discussion
of AES128-XTS vs. AES256-XTS.

Arno

On Mon, Jan 14, 2013 at 12:19:36PM +0100, Milan Broz wrote:
> The stable cryptsetup 1.6.0 release is available at
>
>   http://code.google.com/p/cryptsetup/
>
> Feedback and bug reports are welcomed.
>
>
> Cryptsetup 1.6.0 Release Notes
> ==============================
>
> Changes since version 1.6.0-rc1
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> * Change LUKS default cipher to use XTS encryption mode,
>   aes-xts-plain64 (i.e. using AES128-XTS).
>
>   XTS mode becomes standard in hard disk encryption.
>
>   You can still use any old mode:
>
>   - compile cryptsetup with old default:
>     configure --with-luks1-cipher=aes --with-luks1-mode=cbc-essiv:sha256 --with-luks1-keybits=256
>
>   - format LUKS device with old default:
>     cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 <device>
>
> * Skip tests and fix error messages if running on old systems (or with old kernel).
>
> * Rename configure.in to configure.ac, fix issues with new automake and pkgconfig
>   and --disable-kernel_crypto option to allow compilation with old kernel headers.
>
> * Allow repair of 512 bits key header.
>
> * Fix status of device if path argument is used and fix double path prefix
>   for non-existent device path.
>
>
> Changes since version 1.5.1
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Important changes
> ~~~~~~~~~~~~~~~~~
>
> * Cryptsetup and libcryptsetup are now released under GPLv2+
>   (GPL version 2 or any later).
>   Some internal code handling files (loopaes, verity, tcrypt
>   and crypto backend wrapper) are LGPLv2+.
>
>   Previously code was GPL version 2 only.
>
>
> * Introducing new unified command open and close.
>
>   Example:
>      cryptsetup open --type plain|luks|loopaes|tcrypt <device> <name>
>      (type defaults to luks)
>
>   with backward-compatible aliases plainOpen, luksOpen, loopaesOpen,
>   tcryptOpen. Basically "open --type xyz" has alias "xyzOpen".
>
>   The "create" command (plain device create) is DEPRECATED but will
>   be still supported.
>   (This command is confusing because of switched arguments order.)
>
>   The close command is a generic command to remove a mapping and has
>   backward compatible aliases (remove, luksClose, ...) which behave
>   exactly the same.
>
>   While all old syntax is still supported, I strongly suggest using
>   the new command syntax which is common for all device types (and possible
>   new formats added in future).
>
>
> * cryptsetup now directly supports the TCRYPT (TrueCrypt and compatible tc-play)
>   on-disk format
>   (Code is an independent implementation not related to the original project).
>
>   Only dump (tcryptDump command) and activation (open --type tcrypt or tcryptOpen)
>   of TCRYPT device are supported. No header changes are supported.
>
>   It is intended to easily access containers shared with other operating systems
>   without need to install 3rd party software. For native Linux installations LUKS
>   is the preferred format.
>
>   WARNING: TCRYPT extension requires kernel userspace crypto API to be
>   available (introduced in Linux kernel 2.6.38).
>   If you are configuring kernel yourself, enable "User-space interface
>   for symmetric key cipher algorithms" in "Cryptographic API" section
>   (CRYPTO_USER_API_SKCIPHER .config option).
>
>   Because TCRYPT header is encrypted, you have to always provide valid
>   passphrase and keyfiles. Keyfiles are handled exactly the same as in original
>   format (basically, first 1MB of every keyfile is mixed using CRC32 into pool).
>
>   Cryptsetup should recognize all TCRYPT header variants ever released, except
>   legacy cipher chains using LRW encryption mode with 64 bits encryption block
>   (namely Blowfish in LRW mode is not recognized, this is a limitation of the kernel
>   crypto API).
>
>   Device activation is supported only for LRW/XTS modes (again, a limitation
>   of kernel dmcrypt which does not implement TCRYPT extensions to CBC mode).
>   (So old containers cannot be activated, but you can use libcryptsetup
>   for lost password search, example of such code is included in misc directory.)
>
>   Hidden headers are supported using --tcrypt-hidden option, system encryption
>   using --tcrypt-system option.
>
>   For detailed description see man page.
>
>   EXAMPLE:
>   * Dump device parameters of container in file:
>
>     # cryptsetup tcryptDump tst
>     Enter passphrase:
>
>     TCRYPT header information for tst
>     Version:        5
>     Driver req.:    7
>     Sector size:    512
>     MK offset:      131072
>     PBKDF2 hash:    sha512
>     Cipher chain:   serpent-twofish-aes
>     Cipher mode:    xts-plain64
>     MK bits:        1536
>
>     You can also dump master key using --dump-master-key.
>     Dump does not require superuser privilege.
>
>   * Activation of this container
>
>     # cryptsetup tcryptOpen tst tcrypt_dev
>     Enter passphrase:
>     (Chain of dmcrypt devices is activated as /dev/mapper/tcrypt_dev.)
>
>   * See status of active TCRYPT device
>
>     # cryptsetup status tcrypt_dev
>
>     /dev/mapper/tcrypt_dev is active.
>     type:    TCRYPT
>     cipher:  serpent-twofish-aes-xts-plain64
>     keysize: 1536 bits
>     device:  /dev/loop0
>     loop:    /tmp/tst
>     offset:  256 sectors
>     size:    65024 sectors
>     skipped: 256 sectors
>     mode:    read/write
>
>   * And plaintext filesystem now ready to mount
>
>     # blkid /dev/mapper/tcrypt_dev
>     /dev/mapper/tcrypt_dev: SEC_TYPE="msdos" UUID="9F33-2954" TYPE="vfat"
>
>
> * Add (optional) support for libpwquality for new LUKS passwords.
>
>   If password is entered through terminal (no keyfile specified)
>   and cryptsetup is compiled with --enable-pwquality, default
>   system pwquality settings are used to check password quality.
>
>   You can always override this check by using new --force-password option.
>
>   For more info about pwquality project see http://libpwquality.fedorahosted.org/
>
>
> * Properly handle interrupt signals (ctrl+c and TERM signal) in tools
>
>   Code should now handle interrupt properly, release and explicitly wipe
>   in-memory key materials on interrupt.
>   (Direct users of libcryptsetup should always call crypt_free() when
>   code is interrupted to wipe all resources. There is no signal handling
>   in library, it is up to the tool using it.)
>
>
> * Add new benchmark command
>
>   The "benchmark" command now tries to benchmark PBKDF2 and some block
>   cipher variants. You can specify your own parameters (--cipher/--key-size
>   for block ciphers, --hash for PBKDF2).
>
>   See man page for detailed description.
>
>   WARNING: benchmark command requires kernel userspace crypto API to be
>   available (introduced in Linux kernel 2.6.38).
>   If you are configuring kernel yourself, enable "User-space interface
>   for symmetric key cipher algorithms" in "Cryptographic API" section
>   (CRYPTO_USER_API_SKCIPHER .config option).
>
>   EXAMPLE:
>     # cryptsetup benchmark
>     # Tests are approximate using memory only (no storage IO).
>     PBKDF2-sha1       111077 iterations per second
>     PBKDF2-sha256      53718 iterations per second
>     PBKDF2-sha512      18832 iterations per second
>     PBKDF2-ripemd160   89775 iterations per second
>     PBKDF2-whirlpool   23918 iterations per second
>     #  Algorithm | Key | Encryption  | Decryption
>          aes-cbc   128b   212.0 MiB/s   428.0 MiB/s
>      serpent-cbc   128b    23.1 MiB/s    66.0 MiB/s
>      twofish-cbc   128b    46.1 MiB/s    50.5 MiB/s
>          aes-cbc   256b   163.0 MiB/s   350.0 MiB/s
>      serpent-cbc   256b    23.1 MiB/s    66.0 MiB/s
>      twofish-cbc   256b    47.0 MiB/s    50.0 MiB/s
>          aes-xts   256b   190.0 MiB/s   190.0 MiB/s
>      serpent-xts   256b    58.4 MiB/s    58.0 MiB/s
>      twofish-xts   256b    49.0 MiB/s    49.5 MiB/s
>          aes-xts   512b   175.0 MiB/s   175.0 MiB/s
>      serpent-xts   512b    59.0 MiB/s    58.0 MiB/s
>      twofish-xts   512b    48.5 MiB/s    49.5 MiB/s
>
>   Or you can specify cipher yourself:
>     # cryptsetup benchmark --cipher cast5-cbc-essiv:sha256 -s 128
>     # Tests are approximate using memory only (no storage IO).
>     #  Algorithm | Key | Encryption  | Decryption
>        cast5-cbc   128b    32.4 MiB/s    35.0 MiB/s
>
>   WARNING: these tests do not use dmcrypt, only crypto API.
>   You have to benchmark the whole device stack and you can get completely
>   different results. But it is usable for basic comparison.
>   (Note for example AES-NI decryption optimization effect in example above.)
>
> Features
> ~~~~~~~~
>
> * Do not maintain ChangeLog file anymore, see git log for detailed changes,
>   e.g. here http://code.google.com/p/cryptsetup/source/list
>
> * Move change key into library, add crypt_keyslot_change_by_passphrase().
>   This change is useful mainly in FIPS mode, where we cannot
>   extract volume key directly from libcryptsetup.
>
> * Add verbose messages during reencryption.
>
> * Default LUKS PBKDF2 iteration time is now configurable.
>
> * Add simple cipher benchmarking API.
>
> * Add kernel skcipher backend.
>
> * Add CRC32 implementation (for TCRYPT).
>
> * Move PBKDF2 into crypto backend wrapper.
>   This allows using it in other formats, using library implementations and
>   also possible use of a different KDF function in the future.
>
> * New PBKDF2 benchmark using getrusage().
>
> Fixes
> ~~~~~
>
> * Avoid O_DIRECT open if underlying storage doesn't support it.
>
> * Fix some non-translated messages.
>
> * Fix regression in header backup (1.5.1) with container in file.
>
> * Fix blockwise read/write for end writes near end of device.
>   (was not used in previous versions)
>
> * Ignore setpriority failure.
>
> * Code changes to fix/ignore problems found by Coverity static analysis, including
>   - Get page size should never fail.
>   - Fix time of check/use (TOCTOU test) in tools
>   - Fix time of check/use in loop/wipe utils.
>   - Fix time of check/use in device utils.
>
> * Disallow header restore if context is non-LUKS device.
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt

--
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
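
Added example (not part of the thread and not cryptsetup code): the release notes equate the new default aes-xts-plain64 with AES128-XTS because XTS splits the volume key into two halves. The sketch below reads the cipher fields from a LUKS1 header and reports the effective cipher strength, so old-default and new-default volumes can be told apart. The function names and the sample headers are constructed for illustration; the 208-byte field layout is the LUKS1 on-disk header.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# Fixed part of the LUKS1 header, big-endian: magic, version, cipher name,
# cipher mode, hash spec, payload offset, key bytes, MK digest, digest salt,
# digest iterations, UUID. Total 208 bytes; the key slots follow it.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")


def parse_luks1(header: bytes) -> dict:
    """Extract the cipher parameters from the start of a LUKS1 header."""
    if len(header) < PHDR.size:
        raise ValueError("need at least %d bytes" % PHDR.size)
    magic, version, name, mode, hash_spec, _, key_bytes = PHDR.unpack_from(header)[:7]
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")

    def text(raw: bytes) -> str:  # fields are NUL-padded ASCII
        return raw.split(b"\0", 1)[0].decode("ascii")

    return {"cipher": text(name), "mode": text(mode),
            "hash": text(hash_spec), "key_bits": key_bytes * 8}


def effective_cipher(params: dict) -> str:
    """Name the block cipher strength actually in use.

    XTS splits the volume key into two equal halves (data key and tweak
    key), so a 256-bit key with aes-xts-plain64 means AES-128.
    """
    bits = params["key_bits"]
    chain_mode = params["mode"].split("-")[0]
    if chain_mode == "xts":
        bits //= 2
    return "%s%d-%s" % (params["cipher"].upper(), bits, chain_mode.upper())


def sample_header(cipher: str, mode: str, key_bytes: int) -> bytes:
    """Constructed input: a header with only the parsed fields filled in."""
    return PHDR.pack(LUKS_MAGIC, 1, cipher.encode(), mode.encode(), b"sha1",
                     4096, key_bytes, b"", b"", 1000, b"")


if __name__ == "__main__":
    for spec in (("aes", "xts-plain64", 32),        # new 1.6.0 default
                 ("aes", "cbc-essiv:sha256", 32),   # old default
                 ("aes", "xts-plain64", 64)):
        p = parse_luks1(sample_header(*spec))
        print(p["cipher"], p["mode"], p["key_bits"], "->", effective_cipher(p))
```

For a real volume, pass the first 208 bytes of the device or of a header backup to parse_luks1(); cryptsetup luksDump reports the same fields.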