Re: Bug#1070314: cryptsetup: backward incompatible change for plain mode when relying on defaults
Guilhem Moulin <guilhem@debian.org> writes:
> cryptsetup 2:2.7.0~rc0-1 has a backward incompatible change for plain
> mode when relying on defaults cipher and password hashing algorithm.
>
> The change affects users upgrading from bookworm to trixie. Plain mode
> is generally advised against but it still makes sense to include the
> NEWS entry into the release notes.
The text needs a bit of intro/context to be readable by an end-user. Can
you give some pointers to explain the basic issue here - what is "plain
mode"? is it the default now? what is the change, and what is the user
meant to do about in response to this change? what is the
"incompatability"?
> Default cipher and password hashing for plain mode have respectively
> been changed to aes-xts-plain64 and sha256 (from aes-cbc-essiv:sha256
> resp. ripemd160).
>
It would help to start with "The" before "default".
what does "resp." mean in this context?
Is there a crucial word missing after "hashing" - should it be "hash
function"?
> The new values matches what is used for LUKS, but the change does NOT
> affect LUKS volumes.
"value" not "values" here
(assuming LUKS is a noun) "by LUKS" not "for LUKS"?
the bit after the comma is pretty confusing to a non-expert like me,
what are you trying to say here? would i expect a change in cryptsetup
what *does* the change affect?
> This is a backward incompatible change for plain mode when relying on
> the defaults, which (for plain mode only) is strongly advised
> against.
i'm afraid I cant make any sense out of this paragraph! what is
"strongly advised against"?
> For many releases the Debian wrappers found in the ‘cryptsetup’ binary
> package have spewed a loud warning for plain devices from crypttab(5)
> where ‘cipher=’ or ‘hash=’ are not explicitly specified. The
> cryptsetup(8) executable now issue such a warning as well.
Is this an unrelated change or is there some link to the above?
Reply to: