1 Cryptsetup 1.6.0 Release Notes (RC1)
2 ====================================
4 Changes since version 1.5.1
5 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
10 * Cryptsetup and libcryptsetup is now released under GPLv2+
11 (GPL version 2 or any later).
12 Some internal code handling files (loopaes, verity, tcrypt
13 and crypto backend wrapper) are LGPLv2+.
15 Previously code was GPL version 2 only.
18 * Introducing new unified command open and close.
21 cryptsetup open --type plain|luks|loopaes|tcrypt <device> <name>
22 (type defaults to luks)
24 with backward-compatible aliases plainOpen, luksOpen, loopaesOpen,
25 tcryptOpen. Basically "open --type xyz" has alias "xyzOpen".
27 The "create" command (plain device create) is DEPRECATED but will
29 (This command is confusing because of switched arguments order.)
31 The close command is generic command to remove mapping and have
32 backward compatible aliases (remove, luksClose, ...) which behaves
35 While all old syntax is still supported, I strongly suggest to use
36 new command syntax which is common for all device types (and possible
37 new formats added in future).
40 * cryptsetup now support directly TCRYPT (TrueCrypt and compatible tc-play)
42 (Code is independent implementation not related to original project).
44 Only dump (tcryptDump command) and activation (open --type tcrypt or tcryptOpen)
45 of TCRYPT device are supported. No header changes are supported.
47 It is intended to easily access containers shared with other operating systems
48 without need to install 3rd party software. For native Linux installations LUKS
49 is the preferred format.
51 WARNING: TCRYPT extension requires kernel userspace crypto API to be available
52 (kernel af_alg and algif_skcipher modules, introduced in Linux kernel 2.6.38).
54 Because TCRYPT header is encrypted, you have to always provide valid
55 passphrase and keyfiles. Keyfiles are handled exactly the same as in original
56 format (basically, first 1MB of every keyfile is mixed using CRC32 into pool).
58 Cryptsetup should recognize all TCRYPT header variants ever released, except
59 legacy cipher chains using LRW encryption mode with 64 bits encryption block
60 (namely Blowfish in LRW mode is not recognized, this is limitation of kernel
63 Device activation is supported only for LRW/XTS modes (again, limitation
64 of kernel dmcrypt which do not implements TCRYPT extensions to CBC mode).
65 (So old containers cannot be activated, but you can use libcryptsetup
66 for lost password search, example of such code is included in misc directory.)
68 Hidden header are supported using --tcrypt-hidden option, system encryption
69 using --tcrypt-system option.
71 For detailed description see man page.
74 * Dump device parameters of container in file:
76 # cryptsetup tcryptDump tst
79 TCRYPT header information for tst
85 Cipher chain: serpent-twofish-aes
86 Cipher mode: xts-plain64
89 You can also dump master key using --dump-master-key.
90 Dump does not require superuser privilege.
92 * Activation of this container
94 # cryptsetup tcryptOpen tst tcrypt_dev
96 (Chain of dmcrypt devices is activated as /dev/mapper/tcrypt_dev.)
98 * See status of active TCRYPT device
100 # cryptsetup status tcrypt_dev
102 /dev/mapper/tcrypt_dev is active.
104 cipher: serpent-twofish-aes-xts-plain64
113 * And plaintext filesystem now ready to mount
115 # blkid /dev/mapper/tcrypt_dev
116 /dev/mapper/tcrypt_dev: SEC_TYPE="msdos" UUID="9F33-2954" TYPE="vfat"
119 * Add (optional) support for lipwquality for new LUKS passwords.
121 If password is entered through terminal (no keyfile specified)
122 and cryptsetup is compiled with --enable-pwquality, default
123 system pwquality settings are used to check password quality.
125 You can always override this check by using new --force-password option.
127 For more info about pwquality project see http://libpwquality.fedorahosted.org/
130 * Proper handle interrupt signals (ctrl+c and TERM signal) in tools
132 Code should now handle interrupt properly, release and explicitly wipe
133 in-memory key materials on interrupt.
134 (Direct users of libcryptsetup should always call crypt_free() when
135 code is interrupted to wipe all resources. There is no signal handling
136 in library, it is up to the tool using it.)
139 * Add new benchmark command
141 The "benchmark" command now tries to benchmark PBKDF2 and some block
142 cipher variants. You can specify you own parameters (--cipher/--key-size
143 for block ciphers, --hash for PBKDF2).
145 See man page for detailed description.
147 WARNING: benchmark requires kernel userspace crypto API to be available
148 (kernel af_alg and algif_skcipher modules, introduced in Linux kernel 2.6.38).
151 # cryptsetup benchmark
152 # Tests are approximate using memory only (no storage IO).
153 PBKDF2-sha1 111077 iterations per second
154 PBKDF2-sha256 53718 iterations per second
155 PBKDF2-sha512 18832 iterations per second
156 PBKDF2-ripemd160 89775 iterations per second
157 PBKDF2-whirlpool 23918 iterations per second
158 # Algorithm | Key | Encryption | Decryption
159 aes-cbc 128b 212.0 MiB/s 428.0 MiB/s
160 serpent-cbc 128b 23.1 MiB/s 66.0 MiB/s
161 twofish-cbc 128b 46.1 MiB/s 50.5 MiB/s
162 aes-cbc 256b 163.0 MiB/s 350.0 MiB/s
163 serpent-cbc 256b 23.1 MiB/s 66.0 MiB/s
164 twofish-cbc 256b 47.0 MiB/s 50.0 MiB/s
165 aes-xts 256b 190.0 MiB/s 190.0 MiB/s
166 serpent-xts 256b 58.4 MiB/s 58.0 MiB/s
167 twofish-xts 256b 49.0 MiB/s 49.5 MiB/s
168 aes-xts 512b 175.0 MiB/s 175.0 MiB/s
169 serpent-xts 512b 59.0 MiB/s 58.0 MiB/s
170 twofish-xts 512b 48.5 MiB/s 49.5 MiB/s
172 Or you can specify cipher yourself:
173 # cryptsetup benchmark --cipher cast5-cbc-essiv:sha256 -s 128
174 # Tests are approximate using memory only (no storage IO).
175 # Algorithm | Key | Encryption | Decryption
176 cast5-cbc 128b 32.4 MiB/s 35.0 MiB/s
178 WARNING: these tests do not use dmcrypt, only crypto API.
179 You have to benchmark the whole device stack and you can get completely
180 different results. But is is usable for basic comparison.
181 (Note for example AES-NI decryption optimization effect in example above.)
186 * Do not maintain ChangeLog file anymore, see git log for detailed changes,
187 e.g. here http://code.google.com/p/cryptsetup/source/list
189 * Move change key into library, add crypt_keyslot_change_by_passphrase().
190 This change is useful mainly in FIPS mode, where we cannot
191 extract volume key directly from libcryptsetup.
193 * Add verbose messages during reencryption.
195 * Default LUKS PBKDF2 iteration time is now configurable.
197 * Add simple cipher benchmarking API.
199 * Add kernel skcipher backend.
201 * Add CRC32 implementation (for TCRYPT).
203 * Move PBKDF2 into crypto backend wrapper.
204 This allows use it in other formats, use library implementations and
205 also possible use of different KDF function in future.
207 * New PBKDF2 benchmark using getrusage().
212 * Avoid O_DIRECT open if underlying storage doesn't support it.
214 * Fix some non-translated messages.
216 * Fix regression in header backup (1.5.1) with container in file.
218 * Fix blockwise read/write for end writes near end of device.
219 (was not used in previous versions)
221 * Ignore setpriority failure.
223 * Code changes to fix/ignore problems found by Coverity static analysis, including
224 - Get page size should never fail.
225 - Fix time of check/use (TOCTOU test) in tools
226 - Fix time of check/use in loop/wipe utils.
227 - Fix time of check/use in device utils.
229 * Disallow header restore if context is non-LUKS device.