summaryrefslogtreecommitdiffstats
path: root/docs/v2.0.5-ReleaseNotes
blob: 907d5aa364cdf5c8480df80c6eb5cad14f5b965b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
Cryptsetup 2.0.5 Release Notes
==============================
Stable bug-fix release with new features.

Cryptsetup 2.x version introduces a new on-disk LUKS2 format.

The legacy LUKS (referenced as LUKS1) will be fully supported
forever as well as a traditional and fully backward compatible format.

Please note that authenticated disk encryption, non-cryptographic
data integrity protection (dm-integrity), use of Argon2 Password-Based
Key Derivation Function and the LUKS2 on-disk format itself are new
features and can contain some bugs.

Please do not use LUKS2 without properly configured backup or in
production systems that need to be compatible with older systems.

Changes since version 2.0.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Wipe full header areas (including unused) during LUKS format.

  Since this version, the whole area up to the data offset is zeroed,
  and subsequently, all keyslots areas are wiped with random data.
  This ensures that no remaining old data remains in the LUKS header
  areas, but it could slow down format operation on some devices.
  Previously only first 4k (or 32k for LUKS2) and the used keyslot
  was overwritten in the format operation.

* Several fixes to error messages that were unintentionally replaced
  in previous versions with a silent exit code.
  More descriptive error messages were added, including error
  messages if
   - a device is unusable (not a block device, no access, etc.),
   - a LUKS device is not detected,
   - LUKS header load code detects unsupported version,
   - a keyslot decryption fails (also happens in the cipher check),
   - converting an inactive keyslot.

* Device activation fails if data area overlaps with LUKS header.

* Code now uses explicit_bzero to wipe memory if available
  (instead of own implementation).

* Additional VeraCrypt modes are now supported, including Camellia
  and Kuznyechik symmetric ciphers (and cipher chains) and Streebog
  hash function. These were introduced in a recent VeraCrypt upstream.

  Note that Kuznyechik requires out-of-tree kernel module and
  Streebog hash function is available only with the gcrypt cryptographic
  backend for now.

* Fixes static build for integritysetup if the pwquality library is used.

* Allows passphrase change for unbound keyslots.

* Fixes removed keyslot number in verbose message for luksKillSlot,
  luksRemoveKey and erase command.

* Adds blkid scan when attempting to open a plain device and warn the user
  about existing device signatures in a ciphertext device.

* Remove LUKS header signature if luksFormat fails to add the first keyslot.

* Remove O_SYNC from device open and use fsync() to speed up
  wipe operation considerably.

* Create --master-key-file in luksDump and fail if the file already exists.

* Fixes a bug when LUKS2 authenticated encryption with a detached header
  wiped the header device instead of dm-integrity data device area (causing
  unnecessary LUKS2 header auto recovery).

Unfinished things & TODO for next releases
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Authenticated encryption should use new algorithms from CAESAR competition
  https://competitions.cr.yp.to/caesar-submissions.html.
  AEGIS and MORUS are already available in kernel 4.18.

  For more info about LUKS2 authenticated encryption, please see our paper
  https://arxiv.org/abs/1807.00309

  Please note that authenticated encryption is still an experimental feature
  and can have performance problems for hish-speed devices and device
  with larger IO blocks (like RAID).

* Authenticated encryption do not set encryption for a dm-integrity journal.

  While it does not influence data confidentiality or integrity protection,
  an attacker can get some more information from data journal or cause that
  system will corrupt sectors after journal replay. (That corruption will be
  detected though.)

* There are examples of user-defined tokens inside misc/luks2_keyslot_example
  directory (like a simple external program that uses libssh to unlock LUKS2
  using remote keyfile).

* The python binding (pycryptsetup) contains only basic functionality for LUKS1
  (it is not updated for new features) and will be REMOVED in version 2.1
  in favor of python bindings to the libblockdev library.
  See https://github.com/storaged-project/libblockdev/releases that
  already supports LUKS2 and VeraCrypt devices handling through libcryptsetup.