* [dm-crypt] [ANNOUNCE] cryptsetup 1.6.5
@ 2014-06-29 12:34 Milan Broz
0 siblings, 0 replies; only message in thread
From: Milan Broz @ 2014-06-29 12:34 UTC (permalink / raw)
To: dm-crypt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
The stable cryptsetup 1.6.5 release is available at
https://code.google.com/p/cryptsetup/
Please note that release packages are now located on kernel.org
https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/
Feedback and bug reports are welcomed.
Cryptsetup 1.6.5 Release Notes
==============================
Changes since version 1.6.4
* Allow LUKS header operation handling without requiring root privilege.
It means that you can manipulate with keyslots as a regular user, only
write access to device (or image) is required.
This requires kernel crypto wrapper (similar to TrueCrypt device handling)
to be available (CRYPTO_USER_API_SKCIPHER kernel option).
If this kernel interface is not available, code fallbacks to old temporary
keyslot device creation (where root privilege is required).
Note that activation, deactivation, resize and suspend operations still
need root privilege (limitation of kernel device-mapper backend).
* Fix internal PBKDF2 key derivation function implementation for alternative
crypto backends (kernel, NSS) which do not support PBKDF2 directly and have
issues with longer HMAC keys.
This fixes the problem for long keyfiles where either calculation is too slow
(because of internal rehashing in every iteration) or there is a limit
(kernel backend seems to not support HMAC key longer than 20480 bytes).
(Note that for recent version of gcrypt, nettle or openssl the internal
PBKDF2 code is not compiled in and crypto library internal functions are
used instead.)
* Support for Python3 for simple Python binding.
Python >= 2.6 is now required. You can set Python compiled version by setting
--with-python_version configure option (together with --enable-python).
* Use internal PBKDF2 in Nettle library for Nettle crypto backend.
Cryptsetup compilation requires Nettle >= 2.6 (if using Nettle crypto backend).
* Allow simple status of crypt device without providing metadata header.
The command "cryptsetup status" will print basic info, even if you
do not provide detached header argument.
* Allow to specify ECB mode in cryptsetup benchmark.
* Add some LUKS images for regression testing.
Note that if image with Whirlpool fails, the most probable cause is that
you have old gcrypt library with flawed whirlpool hash.
Read FAQ section 8.3 for more info.
Cryptsetup API NOTE
The direct terminal handling for passphrase entry will be removed from
libcryptsetup in next major version (application should handle it itself).
It means that you have to always either provide password in buffer or set
your own password callback function through crypt_set_password_callback().
See API documentation (or libcryptsetup.h) for more info.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJTsAfbAAoJENmwV3vZPpj8TZIQAKxUUI4b6PF/nOG+zcVkF29w
YgIWYui07Jr13YCrEHQC1SyuCnFOB1LB0zwePmPkRCufuff+m0OOlSz0hYowx/66
hQj6xLynFEEHYesD5hche8ZLZ0JtKi4JxSQzSBQrOLOe/Mm098Gr2wzgbe2rGm+V
23mwYTvQ3XcYmyFvnRJmpW1wsqXSww++u64IcArjh9AkEW/Be4OzQ1hGh0Rl8o77
1XO9wuIzufyKvOr04WHwsi3EGXyGEia/oYqVFdNzBTIQAsgwiuxugXTm3b74OaCv
GQbKPiIIWzREGqiAuQXMdlAccI/ySgIRhkXHqb2xCWsFlJsB4bsY9b0HuHKLrt7/
vHIMXsRNEKZxNX1/mlbLHU/Yc3h249BinXs7rQ6H3a4x2SIWR4bZaR8UHpD+K8xz
1KCZwMFwXwS8YkBNUxSSWNEJsUsOdvcHTVq5tIJc3LdbAUjZooCtPcsRqpYkrADx
SADIS3Uak2yA2OhtdhuyXJggOBhHaXcK7aGml9D/uXpv8nrfyDJgApClNlGSA5Um
0E9ds41MXkDP5M+KLAhnS6330OJwU4DsXO5Nu+JJZNuwwsU96DYdlimRt0lwwX0d
Vdq+2UncmzVoVPopfccNc5b1QxMHXjk6q1l8cive61Vy393l9eQ0M4ENfIG0l774
738lytgydUWz91+b3+ug
=4TFj
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-06-29 12:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-06-29 12:34 [dm-crypt] [ANNOUNCE] cryptsetup 1.6.5 Milan Broz
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.