From 3c2f26a28799b71343e6cb5561679f4a6a3f1161 Mon Sep 17 00:00:00 2001 From: Sebastian Messmer Date: Wed, 11 Nov 2015 01:23:45 -0800 Subject: [PATCH] Improved ChangeLog --- ChangeLog.txt | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index 013a69b5..1da7317a 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,10 +1,13 @@ Version 0.8.1 --------------- -* Config File Encryption: Configuration files are AES-256-GCM encrypted with a password and the scrypt KDF. -* Password Encryption: If the configuration file is not specified as command line parameter, it will be put into the base directory. The filesystem can be mounted with the password only, without specifying a config file on command line. +* Config File Encryption: Configuration files are encrypted with two ciphers. The user specifies a password, which is then used with the scrypt KDF to generate the two encryption keys. + - Inner level: Encrypts the config data using the user specified cipher. + - Outer level: Encrypts the name of the inner cipher and the inner level ciphertext using aes-256-gcm. + The config file is padded to hide the size of the configuration data (including the name of the cipher used). +* Password Encryption: If the configuration file is not specified as command line parameter, it will be put into the base directory. This way, the filesystem can be mounted with the password only, without specifying a config file on command line. * Logfiles: Added a --logfile option to specify where logs should be written to. If the option is not specified, CryFs logs to syslog. * Running in Background: Fixed daemonization. When CryFs is run without "-f" flag, it will run in background. * Better error messages when base directory is not existing, not readable or not writeable. * Allow --cipher=xxx to specify cipher on command line. If cryfs is creating a new filesystem, it will use this cipher. If it is opening an existing filesystem, it will check whether this is the cipher used by it. * --show-ciphers shows a list of all supported ciphers -* --extpass allows using an external program for password input \ No newline at end of file +* --extpass allows using an external program for password input