[pkg-cryptsetup-devel] Bug#714331: Bug#714331: Bug#714331: cryptsetup: switch to "more secure" defaults?
Jonas Meurer
jonas at freesources.org
Fri Jun 28 21:24:13 UTC 2013
Am 28.06.2013 23:03, schrieb Christoph Anton Mitterer:
> On Fri, 2013-06-28 at 21:57 +0200, Jonas Meurer wrote:
>> I don't get it. Do you even check the things you claim before sending
>> bugreports?
> Sure ;-)
Good :)
>> Defaults for plain dm-crypt devices didn't change within the
>> last releases.
> Yeah I saw that... but the reason for that, as Milan laid out is
> backwards compatibility, right?
> So that means we need to keep the "old" settings in cryptsetup (binary)
> and in the scripts where you auto-set-up devices...
>
> But IMHO we could change any recipes (because for new setups,... nothing
> should prevent people to use the "better" modes with plain).
Agreed.
> But all the above matches are, AFAICS, examples on how users could set
> up their swap, etc. pp. right?
>
> If you agree that we can/should change these... I can make a patch.
Ok, indeed the examples could be changed to use xts. Feel free to
provide a patch. I'll happily accept it. As long as only the values for
block cipher mode etc. are changed, and you don't change other details
here and there ;)
Kind regards,
jonas
More information about the pkg-cryptsetup-devel
mailing list