From b7328815183b7a4ff37156085fb78e8e86aff165 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 5 Mar 2017 18:03:03 +0100
Subject: configfile: switch to 128-bit IVs for master key encryption

There is no security reason for doing this, but it will allow
to consolidate the code once we drop compatibility with gocryptfs v1.2
(and earlier) filesystems.
---
 internal/cryptocore/cryptocore.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'internal/cryptocore')

diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 735c409..7e1d238 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -49,8 +49,8 @@ type CryptoCore struct {
 // New returns a new CryptoCore object or panics.
 //
 // Even though the "GCMIV128" feature flag is now mandatory, we must still
-// support 96-bit IVs here because they are used for encrypting the master
-// key in gocryptfs.conf.
+// support 96-bit IVs here because they were used for encrypting the master
+// key in gocryptfs.conf up to gocryptfs v1.2. v1.3 switched to 128 bits.
 func New(key []byte, aeadType AEADTypeEnum, IVBitLen int) *CryptoCore {
 	if len(key) != KeyLen {
 		log.Panic(fmt.Sprintf("Unsupported key length %d", len(key)))
-- 
cgit v1.2.3