Hi, from cryptsetup-1.7.0 release notes: > Changes since version 1.6.8 > > * Default hash function is now SHA256 (used in key derivation function > and anti-forensic splitter). > > Note that replacing SHA1 with SHA256 is not for security reasons. > (LUKS does not have problems even if collisions are found for SHA1, > for details see FAQ item 5.20). > > Using SHA256 as default is mainly to prevent compatibility problems > on hardened systems where SHA1 is already be phased out. > > Note that all checks (kernel crypto API availability check) now uses > SHA256 as well. So >=sys-fs/cryptsetup-1.7.0 should add a check for CRYPTO_SHA256 kernel configuration option: --- cryptsetup-1.7.0.ebuild.old 2015-11-04 13:28:38.000000000 +0100 +++ cryptsetup-1.7.0.ebuild 2015-11-04 14:59:32.000000000 +0100 @@ -45,8 +45,9 @@ static? ( ${LIB_DEPEND} )" pkg_setup() { - local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC" + local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256" local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n" + local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n" local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n" local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n" check_extra_config Reproducible: Always
commit a42f86bfdfaaf16cd274041b24e33a27bca24c0f Author: Lars Wendler <polynomial-c@gentoo.org> Date: Wed Nov 4 17:57:24 2015 sys-fs/cryptsetup: Added a kernel check for CRYPTO_SHA256 (bug #564882). Package-Manager: portage-2.2.23 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>