[dm-crypt] [ANNOUNCE] cryptsetup 2.0.0

Geo Kozey geokozey at mailfence.com
Mon Dec 11 13:12:13 CET 2017


> From: Milan Broz <gmazyland at gmail.com>
> Sent: Sun Dec 10 21:36:42 CET 2017
> To: dm-crypt <dm-crypt at saout.de>
> Subject: [dm-crypt] [ANNOUNCE] cryptsetup 2.0.0
> 
>   1) aes-xts-plain64 with hmac-sha256 or hmac-sha512 as the authentication tag.
>      (Common FDE mode + independent authentication tag. Authentication key
>       for HMAC is independently generated. This mode is very slow.)
>      $ cryptsetup luksFormat --type luks2 <device> --cipher aes-xts-plain64 --integrity hmac-sha256
> 

I see this part changed from last RC release. So no more random IV for aes-xts?
Is it still possible to disable integrity with "--integrity none" option to have
equivalent of LUKS1 ciphers used along with other LUKS2 features like argon2?  

> 
>   For now, default LUKS2 PBKDF algorithm is Argon2i (data independent variant)
>   with memory cost set to 128MB, time to 800ms and parallel thread according
>   to available CPU cores but no more than 4.

Is above actual after:
https://gitlab.com/cryptsetup/cryptsetup/commit/3c2f92a7afc2ae4c99fa937f1b189bc1375374ad

Yours sincerely

G. K.


More information about the dm-crypt mailing list