Bug#759588: [pkg-cryptsetup-devel] Bug#759588: release-notes: Disk encrypted with cryptsetup LUKS whirlpool needs to be migrated manually
On Thu, 11 Sep 2014 23:15:00 +0200 Jonas Meurer <firstname.lastname@example.org>
> Am 11.09.2014 um 16:43 schrieb Osamu Aoki:
> > Hi,
> > [...]
> Agreed. Though I'm not sure whether the change should be mentioned in
> release notes at all. My impression is that few people use whirlpool
> with cryptsetup. And for users skilled enough chose a different hash
> function the warning in NEWS.Debian might be enough, no?
> I have to admit that I don't know much about the scope of Debian release
> notes, so I don't want to argue over whether the cryptsetup whirlpool
> issues should be mentioned there ;)
> Kind regards,
Thanks for filing this bug; I am in the process of writing a section for
it. Please see attached patch for the actual wording - comments and
@Jonas: Is it correctly asserted of me that it is possible to check if
your disk is affected by running:
/sbin/cryptsetup luksDump <disk-device> | grep -i whirlpool
If so, we can add this as a simple test to the release notes.
diff --git a/en/issues.dbk b/en/issues.dbk
index dd74a5c..19bf331 100644
@@ -184,4 +184,38 @@ the current ESR releases for stable.
+ <!-- Wheezy to Jessie -->
+ <title>Manual migration of disks encrypted with LUKS whirlpool
+ (non-standard setup)</title>
+ This section is only for people have set up such disks
+ themselves. The debian-installer <emphasis>never</emphasis>
+ supported creating such disks.
+ If you have <emphasis>manually</emphasis> setup an encrypted disk
+ with LUKS whirlpool, you will need to migrate it manually to a
+ stronger hash.
+ For more information on migrating, please see item "8.3 Gcrypt
+ 1.6.x and later break Whirlpool" of the <ulink
+ If you have such a disk, <systemitem
+ role="package">cryptsetup</systemitem> will refuse to decrypt by
+ default. If your rootdisk or other system disks (e.g. /usr) are
+ encrypted with whirlpool, you should ensure to migrate them
+ prior to the first reboot after upgrading <systemitem