Overview
Request 676565 superseded
- New version 2.1.0
* The default size of the LUKS2 header is increased to 16 MB.
It includes metadata and the area used for binary keyslots;
it means that LUKS header backup is now 16MB in size.
* Cryptsetup now doubles LUKS default key size if XTS mode is used
(XTS mode uses two internal keys). This does not apply if key size
is explicitly specified on the command line and it does not apply
for the plain mode.
This fixes a confusion with AES and 256bit key in XTS mode where
code used AES128 and not AES256 as often expected.
* Default cryptographic backend used for LUKS header processing is now
OpenSSL. For years, OpenSSL provided better performance for PBKDF.
* The Python bindings are no longer supported and the code was removed
from cryptsetup distribution. Please use the libblockdev project
that already covers most of the libcryptsetup functionality
including LUKS2.
* Cryptsetup now allows using --offset option also for luksFormat.
* Cryptsetup now supports new refresh action (that is the alias for
"open --refresh").
* Integritysetup now supports mode with detached data device through
new --data-device option.
- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until
someone has time to evaluate the fallout from switching to LUKS2.
- Created by lnussel
- In state superseded
- Superseded by 677121
- Open review for openSUSE:Factory:Staging:D
Request History
lnussel created request
- New version 2.1.0
* The default size of the LUKS2 header is increased to 16 MB.
It includes metadata and the area used for binary keyslots;
it means that LUKS header backup is now 16MB in size.
* Cryptsetup now doubles LUKS default key size if XTS mode is used
(XTS mode uses two internal keys). This does not apply if key size
is explicitly specified on the command line and it does not apply
for the plain mode.
This fixes a confusion with AES and 256bit key in XTS mode where
code used AES128 and not AES256 as often expected.
* Default cryptographic backend used for LUKS header processing is now
OpenSSL. For years, OpenSSL provided better performance for PBKDF.
* The Python bindings are no longer supported and the code was removed
from cryptsetup distribution. Please use the libblockdev project
that already covers most of the libcryptsetup functionality
including LUKS2.
* Cryptsetup now allows using --offset option also for luksFormat.
* Cryptsetup now supports new refresh action (that is the alias for
"open --refresh").
* Integritysetup now supports mode with detached data device through
new --data-device option.
- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until
someone has time to evaluate the fallout from switching to LUKS2.
licensedigger accepted review
ok
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
staging-bot added openSUSE:Factory:Staging:D as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:D"
staging-bot accepted review
Picked openSUSE:Factory:Staging:D
namtrac accepted review
repo-checker accepted review
cycle and install check passed
dimstar_suse superseded request
superseded by 677121