documentation updates

Jaromil 2017-04-16 12:49:04 +02:00
parent 5de9cb32b9
commit f9dc9ed5a7
4 changed files with 56 additions and 12 deletions

View File

@ -1,9 +1,11 @@
Cryptsetup is written by Christophe Saout and Clemens Fruhwirth.
Cryptsetup was originally written in 2004 by Jana Saout
Tomb is written and directed by Denis Roio <jaromil@dyne.org>
LUKS extensions are written in 2006 by Clemens Fruhwirth
Tomb is written and maintained since 2007 by Denis Roio <jaromil@dyne.org>
Tomb includes code and advices by Anathema, Boyska, Hellekin O. Wolf,
GDrooid and Parazyd.
Daniel Rodriguez, Parazyd and Alexandre Pujol.
The 'gtomb' minimal GUI is being written by Parazyd.
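Review bot: Tense is inconsistent across the dated credit lines at the top of this hunk: "Cryptsetup was originally written in 2004" is followed by "LUKS extensions are written in 2006" and "Tomb is written and maintained since 2007". Suggest "were written in 2006" and "has been written and maintained since 2007". In "Tomb includes code and advices by", "advice" is uncountable, so "code and advice" reads better.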
@ -14,15 +16,20 @@ Python Tomb wrappers are contributed by Reiven and Boyska.
Artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
Gettext internationalization and Spanish translation is contributed by
GDrooid, French translation by Hellekin, Russian translation by fsLeg,
German translation by x3nu, Italian translation by Massimiliano
Augello and Swedish translation by PLJ / Kosovoper.
Daniel Rodriguez. French translation by Hellekin and Roy Lockhart,
Russian translation by fsLeg, German translation by Jerry Polfer,
Italian translation by Massimiliano Augello and Swedish translation by
PLJ / Kosovoper.
Tomb received the attention and minor contributions of , Jim Turner
Testing, reviews and documentation contributed by Dreamer, Vlax,
Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, TheJH,
The Grugq, Reiven, GDrooid, Alphazo, Brian May, fsLeg, JoelMon,
Narrat, x3nu, Jim Turner, Maxime Arthaud, RobertMX, mhogomchungu
and... the Linux Action Show!
Narrat, Jerry Polfer, Jim Turner, Maxime Arthaud, RobertMX,
mhogomchungu Mandeep Bhutani, Emil Lundberg, Joel Montes de Oca, Armin
Mesbah, Arusekk, Stephan Schindel and... the Linux Action Show!
Tomb includes an implementation of the "Password-Based Key Derivation
Function v2" based on GCrypt and written by Anthony Thyssen.
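Review bot: A comma is missing in the testers list between "mhogomchungu" and "Mandeep Bhutani", so the two read as a single name. Elsewhere in this file handles appear to be swapped for full names (GDrooid for Daniel Rodriguez, x3nu for Jerry Polfer), yet "GDrooid" and "JoelMon" stay in the testers list, the latter alongside "Joel Montes de Oca"; worth checking whether these are duplicates of the same people. The fragment "Tomb received the attention and minor contributions of , Jim Turner" has a stray comma and no ending and should not remain in the file in that form.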

View File

@ -1,5 +1,19 @@
# Tomb ChangeLog
## 2.4
### April 2017
This release introduces a major new feature with support for
asymmetric encryption of Tomb keys using public/private GPG key
pairs. It is now possible to protect a Tomb key using a GPG key (which
can also be password-less for automations) as well encrypt a Tomb key
for multiple recipients (list of GPG ids). Other improvements include:
a fix to the 'slam' command with better detection of running programs
using 'lsof' (new optional dependency); a fix to 'forge' key creation
to really use 512 bits long keys to really trigger usage of AES256;
correct support for opening tombs in read-only mode; update of the
Tomber python wrapper in extras. Documentation has been updated.
## 2.3
### January 2017
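Review bot: The 2.4 entry says 'forge' now produces 512-bit keys but does not say that tombs locked with earlier keys stay on AES-128 and need a new key and a new tomb, which is what the known-bugs text in this same commit states; a one-sentence pointer to it here would stop readers assuming that upgrading Tomb is enough. The remark that the GPG key "can also be password-less for automations" deserves a clause noting that the Tomb key is then protected only by access to the GPG private key. Wording: "as well encrypt" should be "as well as encrypt", and "to really use 512 bits long keys to really trigger usage of AES256" repeats "really".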

View File

@ -1,3 +1,27 @@
# Usage of AES128 due to shorter keysize
## 2.4
All tomb keys forged using Tomb version 2.3 or preceeding are 256 bits
large, which is insufficient to trigger usage of AES-256 encryption in
XTS mode, which is the default. Therefore all tombs locked using
smaller keys are silently encrypted using AES-128, according to the
cryptsetup manual:
> "By default a 256 bit key-size is used. Note however that XTS splits the supplied key in half, so to use AES-256 instead of AES-128 you have to set the XTS key-size to 512."
This problem has been noticed and corrected in Tomb version 2.4 where
now the 'forge' command will automatically generate 512 bits keys. To
switch to AES-256 encrypted tombs the only possibility is to create
new keys, new tombs and copy the contents across, since the LUKS
formatting occurs when the 'lock' command is issued using a new
key. Using 'setkey' to switch key does not suffice to switch to
AES-256.
This problem is minor and doesn't seem to heavily affect the security
of Tombs created before 2.4 as the cryptographic strenght of AES-128
and AES-256 is comparable; yet it is reasonable to think that larger
key sizes resist better to Quantum computing attacks.
# Vulnerability to password bruteforcing
## Issue affecting keys used in steganography
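Review bot: The "## 2.4" subheading directly under "# Usage of AES128 due to shorter keysize" reads as the affected version, while the text says keys forged with 2.3 or earlier are affected and 2.4 carries the fix; a heading such as "## Fixed in 2.4" would be unambiguous. The section tells users to create new keys and tombs but gives no way to tell whether an existing tomb is affected; consider adding how to check the cipher and key size that cryptsetup reports for the tomb's LUKS header. The closing claim that larger keys "resist better to Quantum computing attacks" is stated without a reference and would be stronger with one. Spelling: "preceeding" should be "preceding" and "strenght" should be "strength".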

View File

@ -255,10 +255,9 @@ IRC on https://irc.dyne.org channel **#dyne** (or direct port 9999 SSL)
# Licensing
Tomb is Copyright (C) 2007-2017 by the Dyne.org Foundation
More information on all the developers involved is found in the
[AUTHORS](AUTHORS.md) file.
Tomb is Copyright (C) 2007-2017 by the Dyne.org Foundation and
maintained by Denis Roio <jaromil@dyne.org>. More information on all
the developers involved is found in the [AUTHORS](AUTHORS.md) file.
This source code is free software; you can redistribute it and/or
modify it under the terms of the GNU Public License as published by
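Review bot: The license paragraph kept as context below the changed lines says "GNU Public License"; the license's name is "GNU General Public License", and since this hunk already touches the Licensing section it is a good place to correct it. The reworded sentence also joins the maintainer and his e-mail address to the copyright statement; keeping "Tomb is Copyright (C) 2007-2017 by the Dyne.org Foundation" as its own sentence leaves the copyright holder unambiguous.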