I forgot to mention another thing: the default value for "IV algorithm" under dm-crypt has been changed from 'cbc-essiv:sha256' to 'xts-plain64'.
This is respected in my patch via this lines: Index: using-d-i/modules/partman-crypto.xml =================================================================== --- using-d-i/modules/partman-crypto.xml (Revision 69255) +++ using-d-i/modules/partman-crypto.xml (Arbeitskopie) @@ -104,7 +104,7 @@ </varlistentry> <varlistentry> -<term>IV algorithm: <userinput>cbc-essiv:sha256</userinput></term> +<term>IV algorithm: <userinput>xts-plain64</userinput></term> <listitem><para> @@ -119,7 +119,7 @@ </para><para> From the provided alternatives, the default -<userinput>cbc-essiv:sha256</userinput> is currently the least +<userinput>xts-plain64</userinput> is currently the least vulnerable to known attacks. Use the other alternatives only when you need to ensure compatibility with some previously installed system that is not able to use newer algorithms. -- Holger Wansing <[email protected]> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
