Package: cryptsetup
Version: 2:1.0.3-1
Severity: wishlist
Tags: patch
Hi,
the luksformat script should use an essiv cipher as default, since on
Debian systems 2.6.16 is now the default kernel with support for essiv.
Attached is a patch.
Regards,
Bastian
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-treasure17
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.05-2 The Linux Kernel Device Mapper use
ii libc6 2.3.6-11 GNU C Library: Shared libraries
ii libdevmapper1.02 2:1.02.05-2 The Linux Kernel Device Mapper use
ii libgcrypt11 1.2.2-1 LGPL Crypto library - runtime libr
ii libgpg-error0 1.2-1 library for common error values an
ii libpopt0 1.7-5 lib for parsing cmdline parameters
ii libuuid1 1.39-1 universally unique id library
cryptsetup recommends no packages.
-- no debconf information
--- /sbin/luksformat.orig 2006-06-01 23:39:30.459459086 +0200
+++ /sbin/luksformat 2006-06-01 23:44:20.061280364 +0200
@@ -49,7 +49,7 @@
# we do not need to be overly concerned with race conditions here, cryptsetup
# will just fail if the name already exists now.
print "Creating encrypted device on $device...\n";
-if ((system 'cryptsetup', 'luksFormat', $device)) {
+if ((system 'cryptsetup', 'luksFormat', '--cipher', 'aes-cbc-essiv:sha256',
$device)) {
die "Could not create LUKS device $device";
}
