- version 1.6.4
- new tarball / signature location
* Implement new erase (with alias luksErase) command.
* Add internal "whirlpool_gcryptbug hash" for accessing flawed
Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above).
* Allow to use --disable-gcrypt-pbkdf2 during configuration
to force use internal PBKDF2 code.
* Require gcrypt 1.6.1 for imported implementation of PBKDF2
(PBKDF2 in gcrypt 1.6.0 is too slow).
* Add --keep-key to cryptsetup-reencrypt.
* By default verify new passphrase in luksChangeKey and luksAddKey
commands (if input is from terminal).
* Fix memory leak in Nettle crypto backend.
* Support --tries option even for TCRYPT devices in cryptsetup.
* Support --allow-discards option even for TCRYPT devices.
(Note that this could destroy hidden volume and it is not suggested
by original TrueCrypt security model.)
* Link against -lrt for clock_gettime to fix undefined reference
to clock_gettime error (introduced in 1.6.2).
* Fix misleading error message when some algorithms are not available.
* Count system time in PBKDF2 benchmark if kernel returns no self
usage info.