Na}{

File Content: `v1.7.0-ReleaseNotes`

Cryptsetup 1.7.0 Release Notes
==============================

The cryptsetup 1.7 release changes defaults for LUKS,
there are no API changes.

Changes since version 1.6.8

* Default hash function is now SHA256 (used in key derivation function
  and anti-forensic splitter).

  Note that replacing SHA1 with SHA256 is not for security reasons.
  (LUKS does not have problems even if collisions are found for SHA1,
  for details see FAQ item 5.20).

  Using SHA256 as default is mainly to prevent compatibility problems
  on hardened systems where SHA1 is already be phased out.

  Note that all checks (kernel crypto API availability check) now uses
  SHA256 as well.

* Default iteration time for PBKDF2 is now 2 seconds.

  Increasing iteration time is in combination with PBKDF2 benchmark
  fixes a try to keep PBKDF2 iteration count still high enough and
  also still acceptable for users.

  N.B. Long term is to replace PBKDF2 algorithm with Password Hashing
  Competition winner - Argon2.

  Distributions can still change these defaults in compilation time.

  You can change iteration time and used hash function in existing LUKS
  header with cryptsetup-reencrypt utility even without full reencryption
  of device (see --keep-key option).

* Fix PBKDF2 iteration benchmark for longer key sizes.

  The previous PBKDF2 benchmark code did not take into account
  output key length properly.

  For SHA1 (with 160-bits output) and 256-bit keys (and longer)
  it means that the final iteration value was higher than it should be.

  For other hash algorithms (like SHA256 or SHA512) it caused
  that iteration count was lower (in comparison to SHA1) than
  expected for the requested time period.

  The PBKDF2 benchmark code is now fixed to use the key size for
  the formatted device (or default LUKS key size if running in informational
  benchmark mode).

  Thanks to A.Visconti, S.Bossi, A.Calo and H.Ragab
  (http://www.club.di.unimi.it/) for point this out.
  (Based on "What users should know about Full Disk Encryption
  based on LUKS" paper to be presented on CANS2015).

* Remove experimental warning for reencrypt tool.
  The strong request for full backup before using reencryption utility
  still applies :)

* Add optional libpasswdqc support for new LUKS passwords.

  If password is entered through terminal (no keyfile specified) and
  cryptsetup is compiled with --enable-passwdqc[=/etc/passwdqc.conf],
  configured system passwdqc settings are used to check password quality.

* Update FAQ document.

Cryptsetup API NOTE:

Direct terminal handling and password calling callback for passphrase
entry will be removed from libcryptsetup in next major (2.x) version
(application should handle it itself).
It means that application have to always provide password in API calls.

Functions returning last error will be removed in next major version (2.x).
These functions did not work properly for early initialization errors
and application can implement better function easily using own error callback.

See comments in libcryptsetup.h for more info about deprecated functions.

Name	Size	Permission
examples	---	0755
AUTHORS	137 bytes	0644
FAQ.gz	48990 bytes	0644
Keyring.txt	2724 bytes	0644
LUKS2-locking.txt	2711 bytes	0644
NEWS.Debian.gz	1057 bytes	0644
README.Debian.gz	5680 bytes	0644
README.debug	2731 bytes	0644
README.gnupg	1848 bytes	0644
README.gnupg-sc	2354 bytes	0644
README.keyctl	3583 bytes	0644
README.md.gz	2223 bytes	0644
README.opensc.gz	2219 bytes	0644
changelog.Debian.gz	2251 bytes	0644
copyright	9292 bytes	0644
v1.0.7-ReleaseNotes	2921 bytes	0644
v1.1.0-ReleaseNotes.gz	2275 bytes	0644
v1.1.1-ReleaseNotes	1796 bytes	0644
v1.1.2-ReleaseNotes	1594 bytes	0644
v1.1.3-ReleaseNotes	482 bytes	0644
v1.2.0-ReleaseNotes.gz	2124 bytes	0644
v1.3.0-ReleaseNotes.gz	2134 bytes	0644
v1.3.1-ReleaseNotes	421 bytes	0644
v1.4.0-ReleaseNotes.gz	2253 bytes	0644
v1.4.1-ReleaseNotes	889 bytes	0644
v1.4.2-ReleaseNotes	1630 bytes	0644
v1.4.3-ReleaseNotes	2359 bytes	0644
v1.5.0-ReleaseNotes.gz	3320 bytes	0644
v1.5.1-ReleaseNotes	1295 bytes	0644
v1.6.0-ReleaseNotes.gz	3818 bytes	0644
v1.6.1-ReleaseNotes	1041 bytes	0644
v1.6.2-ReleaseNotes	985 bytes	0644
v1.6.3-ReleaseNotes	1859 bytes	0644
v1.6.4-ReleaseNotes	2036 bytes	0644
v1.6.5-ReleaseNotes	2479 bytes	0644
v1.6.6-ReleaseNotes	1093 bytes	0644
v1.6.7-ReleaseNotes	3333 bytes	0644
v1.6.8-ReleaseNotes	2061 bytes	0644
v1.7.0-ReleaseNotes	3101 bytes	0644
v1.7.1-ReleaseNotes	1371 bytes	0644
v1.7.2-ReleaseNotes	1487 bytes	0644
v1.7.3-ReleaseNotes	811 bytes	0644
v1.7.4-ReleaseNotes	657 bytes	0644
v1.7.5-ReleaseNotes	833 bytes	0644
v2.0.0-ReleaseNotes.gz	9728 bytes	0644
v2.0.1-ReleaseNotes.gz	2226 bytes	0644
v2.0.2-ReleaseNotes.gz	1992 bytes	0644
v2.0.3-ReleaseNotes.gz	2448 bytes	0644
v2.0.4-ReleaseNotes.gz	2325 bytes	0644
v2.0.5-ReleaseNotes.gz	2068 bytes	0644
v2.0.6-ReleaseNotes.gz	1960 bytes	0644
v2.1.0-ReleaseNotes.gz	3484 bytes	0644
v2.2.0-ReleaseNotes.gz	4582 bytes	0644
v2.2.1-ReleaseNotes	1413 bytes	0644
v2.2.2-ReleaseNotes	2151 bytes	0644
v2.3.0-ReleaseNotes.gz	3250 bytes	0644
v2.3.1-ReleaseNotes	1770 bytes	0644
v2.3.2-ReleaseNotes	1499 bytes	0644
v2.3.3-ReleaseNotes	1396 bytes	0644
v2.3.4-ReleaseNotes.gz	2001 bytes	0644
v2.3.5-ReleaseNotes.gz	3129 bytes	0644
v2.3.6-ReleaseNotes	2316 bytes	0644
v2.4.0-ReleaseNotes.gz	4766 bytes	0644
v2.4.1-ReleaseNotes	1942 bytes	0644
v2.4.2-ReleaseNotes	1375 bytes	0644
v2.4.3-ReleaseNotes.gz	1996 bytes	0644

File Content: v1.7.0-ReleaseNotes

File Content: `v1.7.0-ReleaseNotes`