> From: Milan Broz <gmazyland@xxxxxxxxx> > Sent: Sun Dec 10 21:36:42 CET 2017 > To: dm-crypt <dm-crypt@xxxxxxxx> > Subject: [ANNOUNCE] cryptsetup 2.0.0 > > 1) aes-xts-plain64 with hmac-sha256 or hmac-sha512 as the authentication tag. > (Common FDE mode + independent authentication tag. Authentication key > for HMAC is independently generated. This mode is very slow.) > $ cryptsetup luksFormat --type luks2 <device> --cipher aes-xts-plain64 --integrity hmac-sha256 > I see this part changed from last RC release. So no more random IV for aes-xts? Is it still possible to disable integrity with "--integrity none" option to have equivalent of LUKS1 ciphers used along with other LUKS2 features like argon2? > > For now, default LUKS2 PBKDF algorithm is Argon2i (data independent variant) > with memory cost set to 128MB, time to 800ms and parallel thread according > to available CPU cores but no more than 4. Is above actual after: https://gitlab.com/cryptsetup/cryptsetup/commit/3c2f92a7afc2ae4c99fa937f1b189bc1375374ad Yours sincerely G. K. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
