[dm-crypt] [ANNOUNCE] cryptsetup 2.0.0
geokozey at mailfence.com
Mon Dec 11 13:12:13 CET 2017
> From: Milan Broz <gmazyland at gmail.com>
> Sent: Sun Dec 10 21:36:42 CET 2017
> To: dm-crypt <dm-crypt at saout.de>
> Subject: [dm-crypt] [ANNOUNCE] cryptsetup 2.0.0
> 1) aes-xts-plain64 with hmac-sha256 or hmac-sha512 as the authentication tag.
> (Common FDE mode + independent authentication tag. Authentication key
> for HMAC is independently generated. This mode is very slow.)
> $ cryptsetup luksFormat --type luks2 <device> --cipher aes-xts-plain64 --integrity hmac-sha256
I see this part changed from last RC release. So no more random IV for aes-xts?
Is it still possible to disable integrity with "--integrity none" option to have
equivalent of LUKS1 ciphers used along with other LUKS2 features like argon2?
> For now, default LUKS2 PBKDF algorithm is Argon2i (data independent variant)
> with memory cost set to 128MB, time to 800ms and parallel thread according
> to available CPU cores but no more than 4.
Is above actual after:
More information about the dm-crypt