f18cd7ae81
VeraCrypt now allows passwords of maximal length 128 bytes (compared to legacy TrueCrypt where it was limited by 64 bytes). This patch implements support for such a passphrases for TCRYPT format. The whole extension seems to be quite dubious, the original TCRYPT passphrase limit was IMO because of internal block length in PBKDF2 (SHA1/SH256 block size is 64 bytes), this patch make sense for SHA512 where the block size is 128 bytes. Another strange thing is enlarging keyfile pool according to real entered password size. Fixes: #532.
What the ...?
Cryptsetup is a utility used to conveniently set up disk encryption based on the DMCrypt kernel module.
These include plain dm-crypt volumes, LUKS volumes, loop-AES, TrueCrypt (including VeraCrypt extension) and BitLocker formats.
The project also includes a veritysetup utility used to conveniently setup DMVerity block integrity checking kernel module and, since version 2.0, integritysetup to setup DMIntegrity block integrity kernel module.
LUKS Design
LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not
only facilitate compatibility among distributions, but also provides secure management of multiple user passwords.
LUKS stores all necessary setup information in the partition header, enabling to transport or migrate data seamlessly.
Last version of the LUKS2 format specification is available here.
Last version of the LUKS1 format specification is available here.
Why LUKS?
- compatibility via standardization,
- secure against low entropy attacks,
- support for multiple keys,
- effective passphrase revocation,
- free.
Project home page.
Frequently asked questions (FAQ)
Download
All release tarballs and release notes are hosted on kernel.org.
The latest stable cryptsetup version is 2.3.0
- cryptsetup-2.3.0.tar.xz
- Signature cryptsetup-2.3.0.tar.sign (You need to decompress file first to check signature.)
- Cryptsetup 2.3.0 Release Notes.
Previous versions
- Version 2.2.2 - Signature - Release Notes.
- Version 2.0.6 - Signature - Release Notes.
- Version 1.7.5 - Signature - Release Notes.
Source and API docs
For development version code, please refer to source page, mirror on kernel.org or GitHub.
For libcryptsetup documentation see libcryptsetup API page.
The libcryptsetup API/ABI changes are tracked in compatibility report.
NLS PO files are maintained by TranslationProject.
Help!
Please always read FAQ first. For cryptsetup and LUKS related questions, please use the dm-crypt mailing list, dm-crypt@saout.de.
If you want to subscribe just send an empty mail to dm-crypt-subscribe@saout.de.
You can also browse list archive or read it through web interface.