[pkg-cryptsetup-devel] Bug#714331: Bug#714331: Bug#714331: Bug#714331: cryptsetup: switch to "more secure" defaults?

[Christoph Anton Mitterer]

On Sat, 2013-06-29 at 02:35 +0200, Jonas Meurer wrote:
> I even remember some
> discussion whether aes256 might be less secure than aes128.
I remember something, too... but not sure what the real outcome was in
the end...

> I'm not a
> crypto expert at all, so I prefer to go with upstreams defaults. Is this
> ok for you?
Sure... you could have just asked for the same patch with the other
defaults and I'd have made it for you :)


> Good point. I replaced all occurences of 'hdXY' by 'sdXY'. Thanks for
> the pointer.
ah... sdXY is even better than my sdaN idea :)


> Most examples use high letter+number combinations like sdg8 for that
> exact reason. To be honest I prefer real examples. If you've the feeling
> that any of the examples is particularely prone to copy&paste accidents,
> and a warning might help, please send me a patch.
ah ok... understood you wrong above...

Well I think a warning text just clutters and then we better leave it at
sdg8 or so (which arguably most people won't have).

It's not _that_ particular prone I think... I just noticed at some
lectures I give at the Uni, that people always tend to copy&past first
and only think afterwards... which is why I personally started to always
use examples that won't work (e.g. in Domains I even don't used
example.com or so... but things like example.invalid).

Anyway... I think it's fine then as it is =)

Oh and I think we can close that issue now from my side, when you did
all the changes in svn? (You also made that changes you've mentioned to
have found in luksFormat right?)


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5113 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20130629/77bff4ea/attachment.bin>