Package: libblockdev / 2.20-7+deb10u1

Metadata

Package Version Patches format
libblockdev 2.20-7+deb10u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
Use 512bit keys in LUKS by default.patch | (download)

src/plugins/crypto.h | 2 1 + 1 - 0 !
tests/crypto_test.py | 26 13 + 13 - 0 !
2 files changed, 14 insertions(+), 14 deletions(-)

 use 512bit keys in luks by default

This is what Debian FDE does and what was suggested in the
following research/analysis:

https://www.whonix.org/wiki/Full_Disk_Encryption_and_Encrypted_Images#Protection_Against_Powerful_Adversaries

We need to adapt the tests because AES only supports 256bit keys
and only the XTS mode splits the 512bit key into two parts.

Fixes: GH-416
(cherry picked from commit 9dc4e2463860810cac5a1dbfb7064c47200260f6)

Use existing cryptsetup API for changing keyslot passphra.patch | (download)

src/plugins/crypto.c | 40 9 + 31 - 0 !
tests/crypto_test.py | 3 3 + 0 - 0 !
2 files changed, 12 insertions(+), 31 deletions(-)

 use existing cryptsetup api for changing keyslot passphrase

Instead of manually removing the keyslot and adding new a one.
Our old code also doesn't work in FIPS mode.

(cherry picked from commit 34ed7becf4536ee1277175abdf47c075f340af61)