Package: libblockdev | Debian Sources

Package: libblockdev / 2.20-7+deb10u1

Metadata

Package	Version	Patches format
libblockdev	2.20-7+deb10u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
Use 512bit keys in LUKS by default.patch \| (download)	src/plugins/crypto.h \| 2 1 + 1 - 0 ! tests/crypto_test.py \| 26 13 + 13 - 0 ! 2 files changed, 14 insertions(+), 14 deletions(-)	use 512bit keys in luks by default This is what Debian FDE does and what was suggested in the following research/analysis: https://www.whonix.org/wiki/Full_Disk_Encryption_and_Encrypted_Images#Protection_Against_Powerful_Adversaries We need to adapt the tests because AES only supports 256bit keys and only the XTS mode splits the 512bit key into two parts. Fixes: GH-416 (cherry picked from commit 9dc4e2463860810cac5a1dbfb7064c47200260f6)
Use existing cryptsetup API for changing keyslot passphra.patch \| (download)	src/plugins/crypto.c \| 40 9 + 31 - 0 ! tests/crypto_test.py \| 3 3 + 0 - 0 ! 2 files changed, 12 insertions(+), 31 deletions(-)	use existing cryptsetup api for changing keyslot passphrase Instead of manually removing the keyslot and adding new a one. Our old code also doesn't work in FIPS mode. (cherry picked from commit 34ed7becf4536ee1277175abdf47c075f340af61)

Patch

File delta

Description

Use 512bit keys in LUKS by default.patch | (download)

src/plugins/crypto.h | 2 1 + 1 - 0 !
tests/crypto_test.py | 26 13 + 13 - 0 !
2 files changed, 14 insertions(+), 14 deletions(-)

 use 512bit keys in luks by default

This is what Debian FDE does and what was suggested in the
following research/analysis:

https://www.whonix.org/wiki/Full_Disk_Encryption_and_Encrypted_Images#Protection_Against_Powerful_Adversaries

We need to adapt the tests because AES only supports 256bit keys
and only the XTS mode splits the 512bit key into two parts.

Fixes: GH-416
(cherry picked from commit 9dc4e2463860810cac5a1dbfb7064c47200260f6)

Use existing cryptsetup API for changing keyslot passphra.patch | (download)

src/plugins/crypto.c | 40 9 + 31 - 0 !
tests/crypto_test.py | 3 3 + 0 - 0 !
2 files changed, 12 insertions(+), 31 deletions(-)

 use existing cryptsetup api for changing keyslot passphrase

Instead of manually removing the keyslot and adding new a one.
Our old code also doesn't work in FIPS mode.

(cherry picked from commit 34ed7becf4536ee1277175abdf47c075f340af61)