mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-12-23 02:28:58 +00:00
Change default cipher specification
new default is "aes-xts-plain64:sha256" manpage now includes note on how to tune it fixes #102
This commit is contained in:
parent
8e9cc7d5c2
commit
39bfce25f8
@ -54,8 +54,10 @@ Initializes and locks an empty tomb (made with \fIdig\fR) using a key
|
||||
(made with \fIforge\fR), making it ready for usage. After this
|
||||
operation, the tomb can only be open in possession of the key and
|
||||
knowing its password. As in any other command requiring a key, the
|
||||
option \fI-k\fR should be used to specify a key file. This operation
|
||||
requires root privileges to loopback mount, format the tomb (using
|
||||
option \fI-k\fR should be used to specify a key file. The \fI-o\fR
|
||||
option can be used to specify the cipher specification: default is
|
||||
"aes-xts-plain64:sha256", old versions of Tomb used "aes-cbc-essiv:sha256".
|
||||
This operation requires root privileges to loopback mount, format the tomb (using
|
||||
LUKS and Ext4), then set the key in its first LUKS slot.
|
||||
|
||||
.B
|
||||
|
4
tomb
4
tomb
@ -1154,7 +1154,9 @@ lock_tomb_with_key() {
|
||||
if option_is_set -o; then
|
||||
cipher="`option_value -o`"
|
||||
else
|
||||
cipher="aes-cbc-essiv:sha256"
|
||||
cipher="aes-xts-plain64:sha256"
|
||||
# old default was aes-cbc-essiv:sha256
|
||||
# for more alternatives refer to cryptsetup(8)
|
||||
fi
|
||||
_message "locking using cipher: $cipher"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user