Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2025-01-09 16:36:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change default cipher specification

Browse Source 
new default is "aes-xts-plain64:sha256"
manpage now includes note on how to tune it
fixes #102
This commit is contained in:
Jaromil 2014-01-12 23:32:23 +01:00
parent 8e9cc7d5c2
commit 39bfce25f8
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/tomb.1
View File

@ -54,8 +54,10 @@ Initializes and locks an empty tomb (made with \fIdig\fR) using a key
(made with \fIforge\fR), making it ready for usage. After this (made with \fIforge\fR), making it ready for usage. After this
operation, the tomb can only be open in possession of the key and operation, the tomb can only be open in possession of the key and
knowing its password. As in any other command requiring a key, the knowing its password. As in any other command requiring a key, the
option \fI-k\fR should be used to specify a key file. This operation option \fI-k\fR should be used to specify a key file. The \fI-o\fR
requires root privileges to loopback mount, format the tomb (using option can be used to specify the cipher specification: default is
"aes-xts-plain64:sha256", old versions of Tomb used "aes-cbc-essiv:sha256".
This operation requires root privileges to loopback mount, format the tomb (using
LUKS and Ext4), then set the key in its first LUKS slot. LUKS and Ext4), then set the key in its first LUKS slot.
.B .B

4
tomb
View File

@ -1154,7 +1154,9 @@ lock_tomb_with_key() {
if option_is_set -o; then if option_is_set -o; then
cipher="`option_value -o`" cipher="`option_value -o`"
else else
cipher="aes-cbc-essiv:sha256" cipher="aes-xts-plain64:sha256"
# old default was aes-cbc-essiv:sha256
# for more alternatives refer to cryptsetup(8)
fi fi
_message "locking using cipher: $cipher" _message "locking using cipher: $cipher"