Improved ChangeLog

ChangeLog.txt

@@ -1,10 +1,13 @@
 Version 0.8.1
 ---------------
-* Config File Encryption: Configuration files are AES-256-GCM encrypted with a password and the scrypt KDF.
-* Password Encryption: If the configuration file is not specified as command line parameter, it will be put into the base directory. The filesystem can be mounted with the password only, without specifying a config file on command line.
+* Config File Encryption: Configuration files are encrypted with two ciphers. The user specifies a password, which is then used with the scrypt KDF to generate the two encryption keys.
+  - Inner level: Encrypts the config data using the user specified cipher.
+  - Outer level: Encrypts the name of the inner cipher and the inner level ciphertext using aes-256-gcm.
+  The config file is padded to hide the size of the configuration data (including the name of the cipher used).
+* Password Encryption: If the configuration file is not specified as command line parameter, it will be put into the base directory. This way, the filesystem can be mounted with the password only, without specifying a config file on command line.
 * Logfiles: Added a --logfile option to specify where logs should be written to. If the option is not specified, CryFs logs to syslog.
 * Running in Background: Fixed daemonization. When CryFs is run without "-f" flag, it will run in background.
 * Better error messages when base directory is not existing, not readable or not writeable.
 * Allow --cipher=xxx to specify cipher on command line. If cryfs is creating a new filesystem, it will use this cipher. If it is opening an existing filesystem, it will check whether this is the cipher used by it.
 * --show-ciphers shows a list of all supported ciphers
-* --extpass allows using an external program for password input
+* --extpass allows using an external program for password input