[dm-crypt] [ANNOUNCE] cryptsetup 1.6.4

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Milan Broz <gmazyland@gmail.com>
To: dm-crypt <dm-crypt@saout.de>
Subject: [dm-crypt] [ANNOUNCE] cryptsetup 1.6.4
Date: Thu, 27 Feb 2014 15:39:44 +0100	[thread overview]
Message-ID: <530F4E30.6000204@gmail.com> (raw)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The stable cryptsetup 1.6.4 release is available at

    https://code.google.com/p/cryptsetup/

Please note that release packages are now located on kernel.org

    https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/

Feedback and bug reports are welcomed.

Cryptsetup 1.6.4 Release Notes
==============================

Changes since version 1.6.3

* Implement new erase (with alias luksErase) command.

  The erase cryptsetup command can be used to permanently erase
  all keyslots and make the LUKS container inaccessible.
  (The only way to unlock such device is to use LUKS header backup
  created before erase command was used.)

  You do not need to provide any password for this operation.

  This operation is irreversible.

* Add internal "whirlpool_gcryptbug hash" for accessing flawed
  Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above).

  The gcrypt version of Whirlpool hash algorithm was flawed in some
  situations.

  This means that if you used Whirlpool in LUKS header and upgraded
  to new gcrypt library your LUKS container become inaccessible.

  Please refer to cryptsetup FAQ for detail how to fix this situation.

* Allow to use --disable-gcrypt-pbkdf2 during configuration
  to force use internal PBKDF2 code.

* Require gcrypt 1.6.1 for imported implementation of PBKDF2
  (PBKDF2 in gcrypt 1.6.0 is too slow).

* Add --keep-key to cryptsetup-reencrypt.

  This allows change of LUKS header hash (and iteration count) without
  the need to reencrypt the whole data area.
  (Reencryption of LUKS header only without master key change.)

* By default verify new passphrase in luksChangeKey and luksAddKey
  commands (if input is from terminal).

* Fix memory leak in Nettle crypto backend.

* Support --tries option even for TCRYPT devices in cryptsetup.

* Support --allow-discards option even for TCRYPT devices.
  (Note that this could destroy hidden volume and it is not suggested
   by original TrueCrypt security model.)

* Link against -lrt for clock_gettime to fix undefined reference
  to clock_gettime error (introduced in 1.6.2).

* Fix misleading error message when some algorithms are not available.

* Count system time in PBKDF2 benchmark if kernel returns no self usage info.
  (Workaround to broken getrusage() syscall with some hypervisors.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTD04wAAoJENmwV3vZPpj8M7oQAMbDHAyN6LezVcIUgbfDJXP6
eqAP6uxjI3Z0gu0+ibui5LfmCHinSaFvNoBrdc/QORjMWwUJdZ4LWu5YCiUdbs4x
434ovIGrMVf3m4fe9ZoJAUgTvYWYt4iPv4vtyTYfO9N/MjMDdJAcrdYWm2Aw0Azx
ElD9EnOywPUNNCrKF4fuNH24GBuYh/6vHmoPGwE+R+zZQlRo68AsxZuc0ESqY2eO
GHJ39uQOl8UzxcspJwBalDo2PM9fvVMffJdnMc9E9m28JqmoSVLKLq+y1dPFn0e3
fecWiDvSDGfzPIpDZZcQOnDDfnah/HyX5tpijbGvGqzEgHh9AwBq2oSxrQj28yYe
bj5Qo2fHEQ1hR/Klb20a5cHLlhX3c86/P6RHVsf7Hq9Dzd5U009s659ZX3RIqnfk
oi1tjwrHKpkTqgF5/Ww8fuujvNCwATW+cJ5twgN1bYei7vK8H3eYcmSrp+OXa0Tc
tFFgFKG5XkUNBOoFhCLXTJvByco+O9l3NY5rJa3Zlq+jcH5ryhB69TZW+LkicYsc
nX9LEIPxeX+eaaM/hP/t25aRQFm7/Oy/lib7l8m55FYXmBTjvhbOInjkApc/NCGw
aAG5hdA75lAl+HYdaE0rHe9iOH3D2ZRCm667UjFPHLWxBVzOd/vMNwo0K0Zls/ps
Aphn84K2ZuPizxFBf9hx
=UIgE
-----END PGP SIGNATURE-----

next             reply	other threads:[~2014-02-27 14:39 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-27 14:39 Milan Broz [this message]
2014-02-27 17:30 ` [dm-crypt] [ANNOUNCE] cryptsetup 1.6.4 Thomas Bächler
2014-02-28  7:51   ` Milan Broz
2014-02-28 11:29   ` Milan Broz
2014-02-28 11:38     ` Arno Wagner
2014-02-28 21:26     ` Sven Eschenberg
2014-02-28 21:46       ` Arno Wagner
2014-02-28 22:06         ` Sven Eschenberg
2014-02-28 23:27           ` Arno Wagner
2014-03-01  7:39             ` Sven Eschenberg
2014-03-01  8:35               ` Milan Broz
2014-03-01 11:32                 ` Sven Eschenberg
2014-03-01 16:50                 ` Heinz Diehl
2014-03-01 19:44                   ` Arno Wagner
2014-03-02  7:35                     ` Heinz Diehl
2014-03-02 15:17                       ` Arno Wagner
2014-03-01 13:50               ` Arno Wagner
2014-02-27 21:44 ` Heinz Diehl
2014-02-27 22:36   ` Arno Wagner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=530F4E30.6000204@gmail.com \
    --to=gmazyland@gmail.com \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.