[Pkg-cryptsetup-devel] Bug#369878: cryptsetup: luksformat should use essiv cipher

Thu Jun 1 22:13:23 UTC 2006

Package: cryptsetup
Version: 2:1.0.3-1
Severity: wishlist
Tags: patch

Hi,

the luksformat script should use an essiv cipher as default, since on
Debian systems 2.6.16 is now the default kernel with support for essiv.
Attached is a patch.

Regards,
  Bastian

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-treasure17
Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15)

Versions of packages cryptsetup depends on:
ii  dmsetup                      2:1.02.05-2 The Linux Kernel Device Mapper use
ii  libc6                        2.3.6-11    GNU C Library: Shared libraries
ii  libdevmapper1.02             2:1.02.05-2 The Linux Kernel Device Mapper use
ii  libgcrypt11                  1.2.2-1     LGPL Crypto library - runtime libr
ii  libgpg-error0                1.2-1       library for common error values an
ii  libpopt0                     1.7-5       lib for parsing cmdline parameters
ii  libuuid1                     1.39-1      universally unique id library

cryptsetup recommends no packages.

-- no debconf information
-------------- next part --------------

--- /sbin/luksformat.orig	2006-06-01 23:39:30.459459086 +0200
+++ /sbin/luksformat	2006-06-01 23:44:20.061280364 +0200
@@ -49,7 +49,7 @@
 # we do not need to be overly concerned with race conditions here, cryptsetup
 # will just fail if the name already exists now.
 print "Creating encrypted device on $device...\n";
-if ((system 'cryptsetup', 'luksFormat', $device)) {
+if ((system 'cryptsetup', 'luksFormat', '--cipher', 'aes-cbc-essiv:sha256', $device)) {
     die "Could not create LUKS device $device";
 }
 
