The whrilpool cryptsetup FAQ entry should be updated to reflect that the issue happens too with libgcrypt 1.5.4

[GoogleCodeExporter]

libgcrypt 1.5.4 didn't fix the whirlpool issues (that can be checked on the 
code itself at Line 1319 at libgcrypt-1.5.4/cipher/whirlpool.c). So this 
library version is still able to open broken header files if needed. Can you 
please update the FAQ entry about this?

Original issue reported on code.google.com by franxisc...@gmail.com on 6 Nov 2014 at 7:41

[GoogleCodeExporter]

Well, it should say that gcrypt 1.5.x contains flawed Whirlpool which can open 
old header files.

The 1.6.0 and later fixed Whirlpool.

FAQ should be probably more clear here...

Original comment by gmazyl...@gmail.com on 6 Nov 2014 at 8:05

[GoogleCodeExporter]

Fixed. Thanks for the info!

Original comment by wagner.a...@gmail.com on 9 Nov 2014 at 1:42

[GoogleCodeExporter]

The change for this is done now.

Original comment by wagner.a...@gmail.com on 9 Nov 2014 at 1:44

• Changed state: Fixed

[GoogleCodeExporter]

There are sill references to wrong version numbers around. Also I think 1.5.4 
is going to  be the last release of the 1.5 series.

Original comment by franxisc...@gmail.com on 9 Nov 2014 at 2:28

[GoogleCodeExporter]

Ohh nevermind 2016-12-31 is the EOL for 1.5 series so maybe they backport the 
fix later.

Original comment by franxisc...@gmail.com on 9 Nov 2014 at 2:30

[GoogleCodeExporter]

I think that is what may have happened. 1.5.4 was not out (the FTP-server
date is 07-Aug-14), so when I wrote the FAQ item, "later than 1.5.3" meant
in fact "1.6.0 and above". 

Fixed and noted that the latest known 1.5.x version when FAQ Item 8.3 was
written is 1.5.4.

The important thing is to have that FAQ item. Corrections _are_
welcome, my ego is not so large that I think I know everything ;-)

Can you have a brief look at Item 8.3 whether it is correct and clear now?

Original comment by wagner.a...@gmail.com on 9 Nov 2014 at 3:50

[GoogleCodeExporter]

s/war/was/g ;) Other than that it makes more sense now. Thanks for the fix as 
Gentoo is redirecting it's users to it (in expectation of the stabilization of 
the 1.6 series of gcrypt sooner or later).

Original comment by franxisc...@gmail.com on 9 Nov 2014 at 3:55

[GoogleCodeExporter]

Thanks ;-)

There is nothing wrong with Gentoo redirecting to the FAQ. This way it is 
useful to a wider audience and bugs get spotted earlier. 

I did not find the reference from Gentoo though, have a link?

Original comment by wagner.a...@gmail.com on 9 Nov 2014 at 4:08

[GoogleCodeExporter]

I do, I reported the issue here: https://bugs.gentoo.org/show_bug.cgi?id=525208

The ebuild (read compilation and installation script if you aren't familiar 
with Gentoo) 
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-fs/cryptsetup/crypts
etup-1.6.6.ebuild?revision=1.9&view=markup has a warning message when enabling 
the gcrypt backend.

Original comment by franxisc...@gmail.com on 9 Nov 2014 at 4:56

[GoogleCodeExporter]

Thanks. I have been looking into Gentoo but are not too familiar with it yet.

Original comment by wagner.a...@gmail.com on 9 Nov 2014 at 6:41