-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Joerg,
thank you for your mail. The bug it is about is #930782 [1], and fortunately there is a work-around: > Locking the tomb specifying the valid cipher on the command line works > > $ tomb lock -k x.key -o aes-xts-plain64 x.tomb > > [...] > tomb . Done locking x using Luks dm-crypt aes-xts-plain64 > tomb (*) Your tomb is ready in x.tomb and secured with key x.key This is something different than the luks1/luks2 issue upstream referred to in [2]. Anyway, tomb 2.6+dfsg1-2~bpo10+1 has already been uploaded to the backports NEW queue [3] and is awaiting release. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930782 [2] https://github.com/dyne/Tomb/blob/master/KNOWN_BUGS.md [3] https://ftp-master.debian.org/backports-new.html Sven Am Dienstag, den 08.10.2019, 13:53 +0200 schrieb Joerg Bornemann: > On Sun, 06 Oct 2019 22:43:32 +0200 Sven Geuer <debma...@g-e-u-e-r.de> > wrote: > > > Regarding 'important fix for usage of Tomb with cryptsetup 2.1': > > This seems to refer to [2], 'Issue opening tombs with cryptsetup > > > 2.0', which is an annoying bug but not a security issue. > > It would be merely an annoying bug if there was a work-around. > However, > this bug makes tomb unusable on buster: > > $ tomb lock secret.tomb -k secret.tomb.key > tomb . Commanded to lock tomb secret.tomb > tomb . Checking if the tomb is empty (we never step on somebody > else's > bones). > tomb . Fine, this tomb seems empty. > tomb . Key is valid. > tomb . Locking using cipher: aes-xts-plain64:sha256 > tomb . A password is required to use key secret.tomb.key > tomb . Password OK. > tomb (*) Locking secret.tomb with secret.tomb.key > tomb . Formatting Luks mapped device. > tomb [W] cryptsetup luksFormat returned an error. > tomb [E] Operation aborted. > > I suggest to raise the severity again. > > > BR, > > Joerg > > -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAl2c0bkACgkQrfUO2vit 1YUG/xAAtqSak1TAuR3CuQGzf6Q4GgCmUS/8I67nb8BIS5NBfGWp/FiD3MowtOJq a+vgY94JIjQYFcqvgt2/b98GTDHJ7YRKozaX4wAeCKMKyK0wEb2UP/b8LMhInT3m GRnA3rbUDMsm/1uOSuQJbJ8PQie7ZZ6KgIpLtTt6knukEMdoPwwpey8q9FMa+df3 MczOCx66Kv7lDJ4jD9HyeJx+JfjTe2iNNNNbk358Svre+ScYgLA+QFxudKPn5FBj Xdbx/Fvrs1wHtue4QwBZSDtkVzLDVCrUDsRFtsmh8g3NqxXCpo/zWbQat0VoigPe HJbhFEHzG25bOimeXKnjeSRLQWtFpw9Xaxkfji1iO7eypnPV0ElBEbamkf3cJ4VY tvH58RG9KQbcPACd6a4OuHoIV4ZxO+rMoH3PKN0o21e/kOaow1LGhYMdF9lTgfiY eeY3TRtCxywzQACzasGr8+lMvVePyGp+8KEvM7zGAbrb5ji8JZC6n4A7zq5JQWo0 i2/8EPRhaer3QkxrkTjhdr/5qtC+wulK1xHxESeZl6V8NZlGBYBiXDPgrtY7yguY wDLZD5XIxBum+WOQNO8Fp03FwX1+zcyIVKO7K31HYjCU6S7Fgy6R89Y7OOunNsvx 4zWnr/nkg6GGloeLJmAfkPBPnIIj/rvzVPSRXfTq5CTdieFSJHw= =Iyjb -----END PGP SIGNATURE-----
