Change default cipher specification

new default is "aes-xts-plain64:sha256"
manpage now includes note on how to tune it
fixes #102
Jaromil 2014-01-12 23:32:23 +01:00
parent 8e9cc7d5c2
commit 39bfce25f8
2 changed files with 7 additions and 3 deletions


@ -54,8 +54,10 @@ Initializes and locks an empty tomb (made with \fIdig\fR) using a key
(made with \fIforge\fR), making it ready for usage. After this
operation, the tomb can only be open in possession of the key and
knowing its password. As in any other command requiring a key, the
option \fI-k\fR should be used to specify a key file. This operation
requires root privileges to loopback mount, format the tomb (using
option \fI-k\fR should be used to specify a key file. The \fI-o\fR
option can be used to specify the cipher specification: default is
"aes-xts-plain64:sha256", old versions of Tomb used "aes-cbc-essiv:sha256".
This operation requires root privileges to loopback mount, format the tomb (using
LUKS and Ext4), then set the key in its first LUKS slot.
.B
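
Review bot: The new sentence on \fI-o\fR names the default and the old value but does not say where the accepted cipher strings are documented. The script comment in this same commit points to cryptsetup(8), and the manpage should carry that reference too. The surrounding text says this operation formats the tomb, so the cipher is chosen at that point; it is worth stating that tombs locked by older versions stay on "aes-cbc-essiv:sha256" and that the new default applies only to tombs locked from now on. As a style point, the line starting "This operation requires root privileges to loopback mount, format the tomb (using" is now much longer than the wrapped lines around it and should be reflowed.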

4
tomb

@ -1154,7 +1154,9 @@ lock_tomb_with_key() {
if option_is_set -o; then
cipher="`option_value -o`"
else
cipher="aes-cbc-essiv:sha256"
cipher="aes-xts-plain64:sha256"
# old default was aes-cbc-essiv:sha256
# for more alternatives refer to cryptsetup(8)
fi
_message "locking using cipher: $cipher"
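
Review bot: The ":sha256" suffix in cipher="aes-xts-plain64:sha256" looks carried over from the old value, where it named the hash used by the ESSIV IV generator. plain64 takes the IV from the sector number and uses no hash, so please confirm against cryptsetup(8) whether the suffix has any effect here and drop it if it does not, in the script and in the manpage text. Separately, XTS splits the volume key into two halves, so the effective AES strength depends on the key size passed when the tomb is formatted. That call is outside this hunk; check that it requests a key large enough for the AES variant intended, since a size chosen for CBC gives half the AES key length under XTS. The message printed by _message already shows the cipher in use, which is helpful for confirming which spec a given tomb was locked with.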