plain: Set default cipher to aes-xts-plain64 and hash to sha256, add warnings (!543) · Merge requests · cryptsetup / cryptsetup

Milan Broz requested to merge plain-warning into main Sep 30, 2023

This MR changes default plain type cipher to aes-xts-plain64 and default plain type password hashing algorithm to sha256. See #758 (closed) for more context.

As this is backward incompatible change, it also adds warning if --cipher, --key-size and --hash (if hashing is in place, IOW no keyfile is used).

All users should use these options. For some taime, systems using /etc/crypttab should have these mandatory already for plain device.

plain: Set default cipher to aes-xts-plain64 and hash to sha256, add warnings

Merge request reports