[dm-crypt] [ANNOUNCE] cryptsetup 1.6.6

Milan Broz gmazyland at gmail.com
Sat Aug 16 13:56:11 CEST 2014


On 08/16/2014 12:59 PM, .. ink .. wrote:
> 
> On Sat, Aug 16, 2014 at 6:49 AM, Milan Broz <gmazyland at gmail.com <mailto:gmazyland at gmail.com>> wrote:
> 
>  
> 
>     Cryptsetup API NOTE:
>     The direct terminal handling for passphrase entry will be removed from
>     libcryptsetup in next major version (application should handle it itself).
> 
>     It means that you have to always either provide password in buffer or set
>     your own password callback function through crypt_set_password_callback().
>     See API documentation (or libcryptsetup.h) for more info.
> 
> 
>  
> Any reason why this API is being remove?

In fact this was a design mistake while I was rewriting API from legacy code.
No direct terminal handling should be in library this way and AFAIK there are no
extensive users for this part of API (except cryptsetup binary itself).
So in fact this should not cause any problem at all, except need for rebuild.

(IOW it is only removal of "NULL" option in password param in API functions,
functions will stay the same - grep for deprecated warnings in libcryptsetup.h.)

> Any new APIs will be introduced in the next major version?

Probably yes, depends on which planned features we will be able to implement.

The most important task I would like to see is support for new KDF algorithms
for LUKS, based on Password hashing competition finalist.

This will require some header extension but maybe it is possible that we will
have complete new LUKS2 on-disk header version.

There will be some experimental branches for some time for testing and discussion.

Milan


More information about the dm-crypt mailing list