[pkg-cryptsetup-devel] plain problems
Guilhem Moulin
guilhem at debian.org
Fri May 3 16:43:50 BST 2024
On Fri, 03 May 2024 at 16:24:52 +0100, ael wrote:
> Maybe a modification to the man page for cryptsetup-open would help:
> "Example: 'cryptsetup open --type plain --cipher aes-cbc-essiv:sha256 --key-size 256 --hash
> sha256 /dev/sda10 e1' maps the ..."
That'd be an upstream decision, but my 2¢ is that including legacy
commands in the manual is probably not a good idea as people tend to
blindly copy them without understanding the implications. Best to use
currents default for new devices.
And as the manual says, it is generally advised to use LUKS over plain
dm-crypt. IMHO the main exception is transient devices (for instance
for the swap partition of a system when suspend-to-disk ability has been
disabled), which by definition is unaffected by the change of default
cipher/hash.
> I would be surprised if I was the only one caught by this: I would post
> a note somewhere to alert others and save you having to reply to more
> questions. But I am not sure where would be a good place.
Just filed https://bugs.debian.org/1070314 against release-notes (forgot
to do it when uploading 2:2.7.0~rc0-1 to experimental, but it makes
sense now that 2.7 transitioned to testing). Thanks for the reminder.
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20240503/8f134b3d/attachment.sig>
More information about the pkg-cryptsetup-devel
mailing list