[pkg-cryptsetup-devel] cryptsetup 2.1.0-1 in sid: new default LUKS version, and more changes
Guilhem Moulin
guilhem at debian.org
Mon Apr 15 22:32:28 BST 2019
Hi,
On Mon, 15 Apr 2019 at 22:46:16 +0200, Cyril Brulebois wrote:
> And sorry for the lag. While I understand why one might want to use
> LUKS2, this switch seems to be happening very late in the release cycle…
The discussion started in summer 2018 though. When I objected to
‘partman-crypto/merge_requests/1’ the plan was to default to LUKS2 ready
in late 2018, so in time for Buster. Sorry for rushing this now. In
retrospect a better path would have been to leave ‘--type=luks2’ in d-i,
at least for early tests.
> but I haven't spotted anything like that when testing the guided
> encrypted LVM recipe (that's one of the usual tests I run before
> deciding a release can be prepared).
cryptsetup doesn't directly use getrandom() at the moment; instead it
open()s /dev/urandom (resp. /dev/random if `--use-random` is set) and
read()s from it. Reading from /dev/urandom isn't blocking; unless
`--use-random` is set the change won't affect entropy starvation.
However, getrandom(,16, GRND_NONBLOCK) is used indirectly by libuuid's
uuid_generate(). However, changing the LUKS version (or downgrading
cryptsetup) has no impact here; and FWIW `mkfs` generates UUIDs as well.
Cheers,
--
Guilhem.
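
The two ways of obtaining random bytes that the message above distinguishes, as an added example (not part of the original post, and not cryptsetup's or libuuid's code): an open()/read() loop on a random device, and a getrandom() call with GRND_NONBLOCK, which fails with EAGAIN instead of waiting when the kernel pool is not yet initialised. The function names `fill_from_device` and `fill_nonblocking` are hypothetical; Linux with glibc 2.25 or later is assumed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/random.h>
#include <unistd.h>

/* Path 1: open() a random device, read() until len bytes arrive. 0 or -errno. */
int fill_from_device(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    size_t got = 0;
    int rc = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;                      /* interrupted by a signal: retry */
        if (n <= 0) {
            rc = n < 0 ? -errno : -EIO;    /* read error or unexpected EOF */
            break;
        }
        got += (size_t)n;                  /* short read: keep going */
    }
    close(fd);
    return rc;
}

/* Path 2: getrandom(GRND_NONBLOCK): -EAGAIN while the pool is uninitialised. */
int fill_nonblocking(unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, GRND_NONBLOCK);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return n < 0 ? -errno : -EIO;  /* caller decides how to handle EAGAIN */
        got += (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char a[16], b[16];
    printf("read: %d, getrandom: %d\n", fill_from_device("/dev/urandom", a, sizeof a), fill_nonblocking(b, sizeof b));
    return 0;
}
```

A return of -EAGAIN from the second function is the early-boot case; the caller has to handle it explicitly, since the call does not wait for the pool.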