Re: [Tails-dev] LUKS update

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] LUKS update
Jan Nielsen wrote (26 Dec 2013 03:58:24 GMT) :
> Hi all.


> I propose that the next release of TAILS come shipped with cryptsetup
> version 1.6. Currently, it comes with version 1.4.3 .


> I ask this so that the default encryption cipher used by LUKS (when
> performing FDE on a USB, for example) becomes aes-xts-plain64 instead of
> the older, less secure aes-cbc-essiv cipher.


> I am aware that this can be accomplished in version 1.4.3 of cryptsetup.
> But an upgrade to the newest version would be greatly helpful in preserving
> the encryption security in TAILS.


This discussion has started in the "CBC malleability attack" thread
started two days ago. Please add anything that backs your proposal
there (that might, or might not include an offer to do the needed
backporting and testing work). Thanks in advance.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc