summaryrefslogtreecommitdiffstats
path: root/docs/v2.0.2-ReleaseNotes
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:04:28 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:04:28 +0000
commit6504f7fe43e9264a110527374f4bbe20f8e0004d (patch)
tree6cf8220b628ebd2ccfc1375dd6516c6996e9abcc /docs/v2.0.2-ReleaseNotes
parentInitial commit. (diff)
downloadcryptsetup-6504f7fe43e9264a110527374f4bbe20f8e0004d.tar.xz
cryptsetup-6504f7fe43e9264a110527374f4bbe20f8e0004d.zip
Adding upstream version 2:2.6.1.upstream/2%2.6.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/v2.0.2-ReleaseNotes')
-rw-r--r--docs/v2.0.2-ReleaseNotes93
1 files changed, 93 insertions, 0 deletions
diff --git a/docs/v2.0.2-ReleaseNotes b/docs/v2.0.2-ReleaseNotes
new file mode 100644
index 0000000..bda57fd
--- /dev/null
+++ b/docs/v2.0.2-ReleaseNotes
@@ -0,0 +1,93 @@
+Cryptsetup 2.0.2 Release Notes
+==============================
+Stable and bug-fix release with experimental features.
+
+Cryptsetup 2.x version introduces a new on-disk LUKS2 format.
+
+The legacy LUKS (referenced as LUKS1) will be fully supported
+forever as well as a traditional and fully backward compatible format.
+
+Please note that authenticated disk encryption, non-cryptographic
+data integrity protection (dm-integrity), use of Argon2 Password-Based
+Key Derivation Function and the LUKS2 on-disk format itself are new
+features and can contain some bugs.
+
+To provide all security features of authenticated encryption, we need
+a better nonce-reuse resistant algorithm in the kernel (see note below).
+For now, please use authenticated encryption as an experimental feature.
+
+Please do not use LUKS2 without properly configured backup or in
+production systems that need to be compatible with older systems.
+
+Changes since version 2.0.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Fix a regression in early detection of inactive keyslot for luksKillSlot.
+ It tried to ask for passphrase even for already erased keyslot.
+
+* Fix a regression in loopaesOpen processing for keyfile on standard input.
+ Use of "-" argument was not working properly.
+
+* Add LUKS2 specific options for cryptsetup-reencrypt.
+ Tokens and persistent flags are now transferred during reencryption;
+ change of PBKDF keyslot parameters is now supported and allows one
+ to set precalculated values (no benchmarks).
+
+* Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags
+ combination. Persistent flags are now stored only if the device was
+ successfully activated with the specified flags.
+
+* Fix integritysetup format after recent Linux kernel changes that
+ requires to setup key for HMAC in all cases.
+ Previously integritysetup allowed HMAC with zero key that behaves
+ like a plain hash.
+
+* Fix VeraCrypt PIM handling that modified internal iteration counts
+ even for subsequent activations. The PIM count is no longer printed
+ in debug log as it is sensitive information.
+ Also, the code now skips legacy TrueCrypt algorithms if a PIM
+ is specified (they cannot be used with PIM anyway).
+
+* PBKDF values cannot be set (even with force parameters) below
+ hardcoded minimums. For PBKDF2 is it 1000 iterations, for Argon2
+ it is 4 iterations and 32 KiB of memory cost.
+
+* Introduce new crypt_token_is_assigned() API function for reporting
+ the binding between token and keyslots.
+
+* Allow crypt_token_json_set() API function to create internal token types.
+ Do not allow unknown fields in internal token objects.
+
+* Print message in cryptsetup that about was aborted if a user did not
+ answer YES in a query.
+
+Unfinished things & TODO for next releases
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+* There will be better documentation and examples.
+
+* There will be some more formal definition of the threat model for integrity
+ protection. (And a link to some papers discussing integrity protection,
+ once it is, hopefully, accepted and published.)
+
+* Authenticated encryption will use new algorithms from CAESAR competition
+ https://competitions.cr.yp.to/caesar-submissions.html.
+ We plan to use AEGIS and MORUS, as CAESAR finalists.
+
+ NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305)
+ in the kernel have too small 96-bit nonces that are problematic with
+ randomly generated IVs (the collision probability is not negligible).
+
+* Authenticated encryption do not set encryption for a dm-integrity journal.
+
+ While it does not influence data confidentiality or integrity protection,
+ an attacker can get some more information from data journal or cause that
+ system will corrupt sectors after journal replay. (That corruption will be
+ detected though.)
+
+* There are examples of user-defined tokens inside misc/luks2_keyslot_example
+ directory (like a simple external program that uses libssh to unlock LUKS2
+ using remote keyfile).
+
+* The python binding (pycryptsetup) contains only basic functionality for LUKS1
+ (it is not updated for new features) and will be deprecated in version 2.1
+ in favor of python bindings to the libblockdev library.