cryptsetup (2:2.7.0~rc0-1) experimental; urgency=medium Default cipher and password hashing for plain mode have respectively been changed to aes-xts-plain64 and sha256 (from aes-cbc-essiv:sha256 resp. ripemd160). The new values matches what is used for LUKS, but the change does NOT affect LUKS volumes. This is a backward incompatible change for plain mode when relying on the defaults, which (for plain mode only) is strongly advised against. For many releases the Debian wrappers found in the ‘cryptsetup’ binary package have spewed a loud warning for plain devices from crypttab(5) where ‘cipher=’ or ‘hash=’ are not explicitly specified. The cryptsetup(8) executable now issue such a warning as well. -- Guilhem Moulin <guilhem@debian.org> Wed, 29 Nov 2023 17:19:10 +0100 cryptsetup (2:2.3.6-1+exp1) bullseye-security; urgency=high This release fixes a key truncation issue for standalone dm-integrity devices using HMAC integrity protection. For existing such devices with extra long HMAC keys (typically >106 bytes of length, see https://bugs.debian.org/949336#78 for the various corner cases), one might need to manually truncate the key using integritysetup(8)'s `--integrity-key-size` option in order to properly map the device under 2:2.3.6-1+exp1 and later. Only standalone dm-integrity devices are affected. dm-crypt devices, including those using authenticated disk encryption, are unaffected. -- Guilhem Moulin <guilhem@debian.org> Fri, 28 May 2021 22:54:20 +0200
Generated by dwww version 1.16 on Mon Dec 15 21:02:52 CET 2025.