[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1070314: marked as done (cryptsetup: backward incompatible change for plain mode when relying on defaults)



Your message dated Sun, 20 Jul 2025 10:30:32 +0200
with message-id <aHypKFLemyAXHb4H@per.namespace.at>
and subject line Re: Bug#1070314: cryptsetup: backward incompatible change for plain mode when relying on defaults
has caused the Debian Bug report #1070314,
regarding cryptsetup: backward incompatible change for plain mode when relying on defaults
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1070314: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070314
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release-notes
Severity: wishlist

Hi,

cryptsetup 2:2.7.0~rc0-1 has a backward incompatible change for plain
mode when relying on defaults cipher and password hashing algorithm.

The change affects users upgrading from bookworm to trixie.  Plain mode
is generally advised against but it still makes sense to include the
NEWS entry into the release notes.

--8<--------------------------------------------------------------------->8--

  Default cipher and password hashing for plain mode have respectively
  been changed to aes-xts-plain64 and sha256 (from aes-cbc-essiv:sha256
  resp. ripemd160).

  The new values matches what is used for LUKS, but the change does NOT
  affect LUKS volumes.

  This is a backward incompatible change for plain mode when relying on
  the defaults, which (for plain mode only) is strongly advised against.
  For many releases the Debian wrappers found in the ‘cryptsetup’ binary
  package have spewed a loud warning for plain devices from crypttab(5)
  where ‘cipher=’ or ‘hash=’ are not explicitly specified.  The
  cryptsetup(8) executable now issue such a warning as well.

--8<--------------------------------------------------------------------->8--

(Original text from https://salsa.debian.org/cryptsetup-team/cryptsetup/-/blob/debian/latest/debian/cryptsetup-bin.NEWS )

Cheers,
-- 
Guilhem.

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message ---
On Sat, Jul 19, 2025 at 02:01:47AM +0200, Chris Hofstaedtler wrote:
> Control: forwarded -1 https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/283 

Merged.

Chris

--- End Message ---

Reply to: