Change default cipher specification - tomb - the crypto undertaker
 (HTM) git clone git://parazyd.org/tomb.git
       ---
 (DIR) commit 39bfce25f8f64bf7f450e345a4b8700702064769
 (DIR) parent 8e9cc7d5c23dee8cd2df2bd67958e4b59b8b3070
 (HTM) Author: Jaromil <jaromil@dyne.org>
       Date:   Sun, 12 Jan 2014 23:32:23 +0100
       
       Change default cipher specification
       
       new default is "aes-xts-plain64:sha256"
       manpage now includes note on how to tune it
       fixes #102
       
       Diffstat:
         M doc/tomb.1                          |       6 ++++--
         M tomb                                |       4 +++-
       
       2 files changed, 7 insertions(+), 3 deletions(-)
       ---
 (DIR) diff --git a/doc/tomb.1 b/doc/tomb.1
       t@@ -54,8 +54,10 @@ Initializes and locks an empty tomb (made with \fIdig\fR) using a key
        (made with \fIforge\fR), making it ready for usage. After this
        operation, the tomb can only be open in possession of the key and
        knowing its password. As in any other command requiring a key, the
       -option \fI-k\fR should be used to specify a key file. This operation
       -requires root privileges to loopback mount, format the tomb (using
       +option \fI-k\fR should be used to specify a key file. The \fI-o\fR
       +option can be used to specify the cipher specification: default is
       +"aes-xts-plain64:sha256", old versions of Tomb used "aes-cbc-essiv:sha256".
       +This operation requires root privileges to loopback mount, format the tomb (using
        LUKS and Ext4), then set the key in its first LUKS slot.
        
        .B
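
Review bot: The added sentence starting at "+option can be used to specify the cipher specification: default is" names the new and old defaults but gives no pointer to where valid values are listed. The script comment in this same commit refers to cryptsetup(8), and the man page should carry the same reference. The text also does not say whether -o matters when opening a tomb that was locked under the old default, which is the first question an upgrading reader will have. On style, "..., old versions of Tomb used ..." is a comma splice, and the last added line ("+This operation requires root privileges to loopback mount, format the tomb (using") runs well past the wrap width of the surrounding lines. Split it into two sentences and rewrap.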
 (DIR) diff --git a/tomb b/tomb
       t@@ -1154,7 +1154,9 @@ lock_tomb_with_key() {
            if option_is_set -o; then
                cipher="`option_value -o`"
            else
       -        cipher="aes-cbc-essiv:sha256"
       +        cipher="aes-xts-plain64:sha256"
       +        # old default was aes-cbc-essiv:sha256
       +        # for more alternatives refer to cryptsetup(8)
            fi
            _message "locking using cipher: $cipher"
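
Review bot: In the -o branch, cipher="`option_value -o`" is taken as given, with no check visible in this hunk that the value is non-empty or well-formed before it is logged and used. With the default now changing, a user who passes an empty or mistyped -o will see "locking using cipher: " followed by whatever they typed and no hint of what the default would have been. Consider falling back to the default when the value is empty and failing early with a clear message otherwise. The hunk also does not show the key size used when formatting. XTS splits the supplied key into two halves, so confirm that the size used with "aes-xts-plain64:sha256" is the one intended and not just the size that was chosen for the CBC default. Minor: the old default now lives in a comment here and in doc/tomb.1, so a single named variable for the default would keep the two from drifting.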