[Bug 1506995] Re: Ubiquity facilitate attack on crypto LUKS

Mathieu Trudel-Lapierre mathieu.tl at gmail.com
Fri Nov 27 21:37:54 UTC 2015


There is code to do this in user-setup too.

** Also affects: user-setup (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: user-setup (Ubuntu)
       Status: New => Triaged

** Changed in: user-setup (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: user-setup (Ubuntu)
     Assignee: (unassigned) => Mathieu Trudel-Lapierre (mathieu-tl)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to user-setup in Ubuntu.
https://bugs.launchpad.net/bugs/1506995

Title:
  Ubiquity facilitate attack on crypto LUKS

Status in ubiquity package in Ubuntu:
  Triaged
Status in user-setup package in Ubuntu:
  Triaged

Bug description:
  In Ubiquity's script/user-setup-encrypted-swap, the crypt partition is
  zeroed. This leaves it more vulnerable to attacks. The attacker knows
  the partition is zeroed and can more easily find the encryption key.

  The included patch solves this issue, but this can also be done in a
  faster way by using openssl.

  Patched lines:

  dd if=/dev/urandom of=$device bs=16M seek=1 2>/dev/null || true

  Alternative approach:

  openssl enc -aes-256-ctr \
    -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" \
    -nosalt < /dev/zero | head -c $size | dd of=$target

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1506995/+subscriptions
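
A check for the condition the bug description is about (a volume left zero-filled instead of overwritten with random data), added here as an example; it is not part of the bug report or of the Ubiquity/user-setup code. The function names, the 4096-byte block size and the 64 KiB temporary image standing in for the partition are assumptions.

```shell
#!/bin/sh
# Added example: a constructed image file stands in for the raw partition.

# fill_zero FILE SIZE_BYTES: the state the bug report describes (zeroed).
fill_zero() {
    head -c "$2" /dev/zero > "$1"
}

# fill_random FILE SIZE_BYTES: overwrite with /dev/urandom output, the same
# data source as the patched dd line, bounded by an explicit size.
fill_random() {
    head -c "$2" /dev/urandom > "$1"
}

# count_zero_blocks FILE [BLOCK_SIZE]
# Prints how many BLOCK_SIZE-byte blocks of FILE contain only zero bytes.
count_zero_blocks() {
    czb_file=$1
    czb_bs=${2:-4096}
    czb_size=$(wc -c < "$czb_file")
    czb_blocks=$(( (czb_size + czb_bs - 1) / czb_bs ))
    czb_zero=0
    czb_i=0
    while [ "$czb_i" -lt "$czb_blocks" ]; do
        # Strip every NUL byte; an all-zero block leaves nothing behind.
        czb_left=$(dd if="$czb_file" bs="$czb_bs" skip="$czb_i" count=1 \
                   2>/dev/null | tr -d '\000' | wc -c)
        if [ "$((czb_left))" -eq 0 ]; then
            czb_zero=$((czb_zero + 1))
        fi
        czb_i=$((czb_i + 1))
    done
    echo "$czb_zero"
}

# Demonstration on a constructed 64 KiB image (16 blocks of 4096 bytes).
img=$(mktemp)
fill_zero "$img" 65536
echo "zeroed:        $(count_zero_blocks "$img") of 16 blocks are all-zero"
fill_random "$img" 65536
echo "random-filled: $(count_zero_blocks "$img") of 16 blocks are all-zero"
rm -f "$img"
```

Run against a raw image of the volume, a non-zero count shows which blocks were never overwritten.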