Cryptsetup 2.0.2 Release Notes
==============================
Stable and bug-fix release with experimental features.

Cryptsetup 2.x version introduces a new on-disk LUKS2 format.

The legacy LUKS (referenced as LUKS1) will be fully supported
forever as well as a traditional and fully backward compatible format.

Please note that authenticated disk encryption, non-cryptographic
data integrity protection (dm-integrity), use of Argon2 Password-Based
Key Derivation Function and the LUKS2 on-disk format itself are new
features and can contain some bugs.

To provide all security features of authenticated encryption, we need
a better nonce-reuse resistant algorithm in the kernel (see note below).
For now, please use authenticated encryption as an experimental feature.

Please do not use LUKS2 without properly configured backup or in
production systems that need to be compatible with older systems.

Changes since version 2.0.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Fix a regression in early detection of inactive keyslot for luksKillSlot.
  It tried to ask for a passphrase even for an already erased keyslot.

* Fix a regression in loopaesOpen processing for keyfile on standard input.
  Use of "-" argument was not working properly.

* Add LUKS2 specific options for cryptsetup-reencrypt.
  Tokens and persistent flags are now transferred during reencryption;
  change of PBKDF keyslot parameters is now supported and allows
  setting precalculated values (no benchmarks).

* Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags
  combination. Persistent flags are now stored only if the device was
  successfully activated with the specified flags.

* Fix integritysetup format after recent Linux kernel changes that
  require a key to be set up for HMAC in all cases.
  Previously integritysetup allowed HMAC with a zero key, which behaves
  like a plain hash.

* Fix VeraCrypt PIM handling that modified internal iteration counts
  even for subsequent activations. The PIM count is no longer printed
  in debug log as it is sensitive information.
  Also, the code now skips legacy TrueCrypt algorithms if a PIM
  is specified (they cannot be used with PIM anyway).

* PBKDF values cannot be set (even with force parameters) below
  hardcoded minimums. For PBKDF2 it is 1000 iterations, for Argon2
  it is 4 iterations and 32 KiB of memory cost.

* Introduce new crypt_token_is_assigned() API function for reporting
  the binding between token and keyslots.

* Allow crypt_token_json_set() API function to create internal token types.
  Do not allow unknown fields in internal token objects.

* Print a message in cryptsetup that the operation was aborted if a user
  did not answer YES in a query.

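Why the integritysetup change about zero-key HMAC matters, as an added example (not code from cryptsetup or the kernel): a tag computed under a fixed all-zero key can be recomputed by anyone, so it catches corruption like a plain hash but authenticates nothing. The sector contents, the tag layout and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ZERO_KEY = bytes(32)  # all-zero HMAC key, the case the release note describes


def sector_tag(key, sector_no, data):
    """HMAC-SHA256 over sector number and data (constructed layout, not dm-integrity's)."""
    return hmac.new(key, sector_no.to_bytes(8, "little") + data, hashlib.sha256).digest()


def verify(key, sector_no, data, tag):
    """Constant-time check of a stored tag against the recomputed one."""
    return hmac.compare_digest(sector_tag(key, sector_no, data), tag)


def demo():
    original = b"A" * 512   # constructed sector contents
    replaced = b"B" * 512
    secret_key = os.urandom(32)

    # A tag under the zero key needs no secret: anyone holding the data can compute it.
    public_tag = sector_tag(ZERO_KEY, 7, replaced)
    return {
        # Random corruption is still caught, exactly as with a plain hash.
        "zero_key_detects_corruption":
            not verify(ZERO_KEY, 7, b"C" + original[1:], sector_tag(ZERO_KEY, 7, original)),
        # Replaced data with a freshly computed tag passes verification.
        "zero_key_accepts_replaced_sector": verify(ZERO_KEY, 7, replaced, public_tag),
        # With a secret key the same data and tag are rejected.
        "secret_key_accepts_replaced_sector": verify(secret_key, 7, replaced, public_tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
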
Unfinished things & TODO for next releases
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* There will be better documentation and examples.

* There will be some more formal definition of the threat model for integrity
  protection. (And a link to some papers discussing integrity protection,
  once it is, hopefully, accepted and published.)

* Authenticated encryption will use new algorithms from CAESAR competition
  https://competitions.cr.yp.to/caesar-submissions.html.
  We plan to use AEGIS and MORUS, as CAESAR finalists.

  NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305)
  in the kernel have too small 96-bit nonces that are problematic with
  randomly generated IVs (the collision probability is not negligible).

* Authenticated encryption does not set encryption for a dm-integrity journal.

  While it does not influence data confidentiality or integrity protection,
  an attacker can get some more information from the data journal or cause
  the system to corrupt sectors after journal replay. (That corruption will be
  detected though.)

* There are examples of user-defined tokens inside misc/luks2_keyslot_example
  directory (like a simple external program that uses libssh to unlock LUKS2
  using remote keyfile).

* The python binding (pycryptsetup) contains only basic functionality for LUKS1
  (it is not updated for new features) and will be deprecated in version 2.1
  in favor of python bindings to the libblockdev library.

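The NOTE above about 96-bit nonces and randomly generated IVs, worked through as an added example (not part of the release notes or of cryptsetup): with one fresh random nonce per sector write, the birthday bound gives the number of writes at which a nonce repeat stops being negligible. The 2^-32 risk threshold, the 512 B and 4 KiB sector sizes and the 128-bit comparison width are assumptions chosen for the illustration.

```python
import math


def collision_probability(nonce_bits, writes):
    """Birthday bound: P(some nonce repeats) ~= 1 - exp(-n(n-1) / 2^(bits+1))."""
    exponent = writes * (writes - 1) / 2 ** (nonce_bits + 1)
    return -math.expm1(-exponent)


def writes_until(nonce_bits, max_probability):
    """Number of random-nonce writes at which the bound reaches max_probability."""
    # Solve n^2 / 2^(bits+1) = -ln(1 - p) for n.
    return int(math.sqrt(-math.log1p(-max_probability) * 2 ** (nonce_bits + 1)))


def data_written_tib(writes, sector_size):
    """Total data written, in TiB, if every write covers one sector."""
    return writes * sector_size / 2 ** 40


def report(threshold=2.0 ** -32):
    """One row per nonce width: (bits, writes, TiB at 512 B, TiB at 4 KiB)."""
    rows = []
    for bits in (96, 128):  # 128 is a comparison width, assumed for contrast
        n = writes_until(bits, threshold)
        rows.append((bits, n, data_written_tib(n, 512), data_written_tib(n, 4096)))
    return rows


if __name__ == "__main__":
    for bits, n, tib512, tib4k in report():
        print(f"{bits}-bit nonce: {n:.3e} writes "
              f"({tib512:.3g} TiB at 512 B, {tib4k:.3g} TiB at 4 KiB sectors)")
```

Under these assumptions a 96-bit random nonce reaches the threshold after roughly 2^32.5 sector writes, which is under 3 TiB of 512-byte sector writes, while the 128-bit width moves the same threshold out by a factor of about 2^16.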