Bug#759588: [pkg-cryptsetup-devel] Bug#759588: release-notes: Disk encrypted with cryptsetup LUKS whirlpool needs to be migrated manually
On Thu, 11 Sep 2014 23:15:00 +0200 Jonas Meurer <jonas@freesources.org>
wrote:
> Am 11.09.2014 um 16:43 schrieb Osamu Aoki:
> > Hi,
> >
> > [...]
>
> Agreed. Though I'm not sure whether the change should be mentioned in
> release notes at all. My impression is that few people use whirlpool
> with cryptsetup. And for users skilled enough to choose a different hash
> function the warning in NEWS.Debian might be enough, no?
>
> I have to admit that I don't know much about the scope of Debian release
> notes, so I don't want to argue over whether the cryptsetup whirlpool
> issues should be mentioned there ;)
>
> Kind regards,
> jonas
>
Hi,
Thanks for filing this bug; I am in the process of writing a section for
it. Please see attached patch for the actual wording - comments and
feedback welcome.
@Jonas: Is it correctly asserted of me that it is possible to check if
your disk is affected by running:
/sbin/cryptsetup luksDump <disk-device> | grep -i whirlpool
If so, we can add this as a simple test to the release notes.
Thanks,
~Niels
diff --git a/en/issues.dbk b/en/issues.dbk
index dd74a5c..19bf331 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -184,4 +184,38 @@ the current ESR releases for stable.
"nofail" option.
</para>
</section>
+
+<section id="cryptsetup-luks-whirlpool">
+ <!-- Wheezy to Jessie -->
+ <title>Manual migration of disks encrypted with LUKS whirlpool
+ (non-standard setup)</title>
+ <note>
+ <para>
+ This section is only for people have set up such disks
+ themselves. The debian-installer <emphasis>never</emphasis>
+ supported creating such disks.
+ </para>
+ </note>
+ <para>
+ If you have <emphasis>manually</emphasis> setup an encrypted disk
+ with LUKS whirlpool, you will need to migrate it manually to a
+ stronger hash.
+ </para>
+ <para>
+ For more information on migrating, please see item "8.3 Gcrypt
+ 1.6.x and later break Whirlpool" of the <ulink
+ url="https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions">cryptsetup
+ FAQ</ulink>.
+ </para>
+ <caution>
+ <para>
+ If you have such a disk, <systemitem
+ role="package">cryptsetup</systemitem> will refuse to decrypt by
+ default. If your rootdisk or other system disks (e.g. /usr) are
+ encrypted with whirlpool, you should ensure to migrate them
+ prior to the first reboot after upgrading <systemitem
+ role="package">cryptsetup</systemitem>.
+ </para>
+ </caution>
+</section>
</chapter>
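Review bot: The new section never tells readers how to determine whether a disk is affected; the <para> beginning "If you have manually setup an encrypted disk" is the natural place for a check, such as the `cryptsetup luksDump <disk-device> | grep -i whirlpool` test proposed in the covering mail, once it is confirmed. That paragraph also says to migrate "to a stronger hash", while the <caution> and the cited FAQ item title ("Gcrypt 1.6.x and later break Whirlpool") describe breakage, so it would help to state the reason for the migration consistently. Since the <caution> describes a disk that cryptsetup "will refuse to decrypt by default", consider moving it above the FAQ pointer so it is read before the upgrade. Wording: "only for people have set up" is missing "who", "manually setup" should be "manually set up", "rootdisk" should be "root disk", and "you should ensure to migrate them" reads better as "make sure to migrate them".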