[Bug 1845218] [NEW] --hash argument ignored when creating a luks2 volume
Jabb
1845218 at bugs.launchpad.net
Tue Sep 24 14:57:05 UTC 2019
Public bug reported:
Command used to create a luks2 volume:
cryptsetup luksFormat /dev/loop0 --type luks2 --hash sha512
Output of luksDump shows pbkdf2 is still using sha256
The problem has been resolved in version 2.2.0 cryptsetup:
https://gitlab.com/cryptsetup/cryptsetup/issues/484
[root at mtz ink]# cryptsetup luksDump /dev/loop0
LUKS header information
Version: 2
Epoch: 3
Metadata area: 12288 bytes
UUID: 19642715-0c41-4611-9e1f-f5e3c19888b1
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 4194304 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
0: luks2
Key: 256 bits
Priority: normal
Cipher: aes-xts-plain64
PBKDF: argon2i
Time cost: 4
Memory: 872450
Threads: 4
Salt: 73 63 6a 10 5a a8 48 a6 f8 5a fa 2b 63 52 8e d0
10 64 a1 0f 3a 58 2b c6 59 5a 07 c7 36 77 b5 3c
AF stripes: 4000
Area offset:32768 [bytes]
Area length:131072 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 94705
Salt: 77 ef 94 fa bb ae 54 b6 59 1e b8 75 c0 c1 c0 f9
31 ae 3b 46 95 22 cb 11 0f ac 0a 14 52 22 d3 98
Digest: b1 6c 4d 09 d6 b2 92 d9 64 83 37 23 3f e0 5f c0
81 73 45 ab 34 7f 7e d3 39 a9 a9 36 4f 0f 54 ec
[root at mtz ink]#
** Affects: cryptsetup (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
Command used to create a luks2 volume:
cryptsetup luksFormat /dev/loop0 --type luks2 --hash sha512
Output of luksDump shows pbkdf2 is still using sha256
The problem has been resolved in version 2.2.0 cryptsetup:
https://gitlab.com/cryptsetup/cryptsetup/issues/484
[root at mtz ink]# cryptsetup luksDump /dev/loop0
LUKS header information
Version: 2
Epoch: 3
Metadata area: 12288 bytes
UUID: 19642715-0c41-4611-9e1f-f5e3c19888b1
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
- 0: crypt
- offset: 4194304 [bytes]
- length: (whole device)
- cipher: aes-xts-plain64
- sector: 512 [bytes]
+ 0: crypt
+ offset: 4194304 [bytes]
+ length: (whole device)
+ cipher: aes-xts-plain64
+ sector: 512 [bytes]
Keyslots:
- 0: luks2
- Key: 256 bits
- Priority: normal
- Cipher: aes-xts-plain64
- PBKDF: argon2i
- Time cost: 4
- Memory: 872450
- Threads: 4
- Salt: 73 63 6a 10 5a a8 48 a6 f8 5a fa 2b 63 52 8e d0
- 10 64 a1 0f 3a 58 2b c6 59 5a 07 c7 36 77 b5 3c
- AF stripes: 4000
- Area offset:32768 [bytes]
- Area length:131072 [bytes]
- Digest ID: 0
+ 0: luks2
+ Key: 256 bits
+ Priority: normal
+ Cipher: aes-xts-plain64
+ PBKDF: argon2i
+ Time cost: 4
+ Memory: 872450
+ Threads: 4
+ Salt: 73 63 6a 10 5a a8 48 a6 f8 5a fa 2b 63 52 8e d0
+ 10 64 a1 0f 3a 58 2b c6 59 5a 07 c7 36 77 b5 3c
+ AF stripes: 4000
+ Area offset:32768 [bytes]
+ Area length:131072 [bytes]
+ Digest ID: 0
Tokens:
Digests:
- 0: pbkdf2
- Hash: sha256
- Iterations: 94705
- Salt: 77 ef 94 fa bb ae 54 b6 59 1e b8 75 c0 c1 c0 f9
- 31 ae 3b 46 95 22 cb 11 0f ac 0a 14 52 22 d3 98
- Digest: b1 6c 4d 09 d6 b2 92 d9 64 83 37 23 3f e0 5f c0
- 81 73 45 ab 34 7f 7e d3 39 a9 a9 36 4f 0f 54 ec
+ 0: pbkdf2
+ Hash: sha256
+ Iterations: 94705
+ Salt: 77 ef 94 fa bb ae 54 b6 59 1e b8 75 c0 c1 c0 f9
+ 31 ae 3b 46 95 22 cb 11 0f ac 0a 14 52 22 d3 98
+ Digest: b1 6c 4d 09 d6 b2 92 d9 64 83 37 23 3f e0 5f c0
+ 81 73 45 ab 34 7f 7e d3 39 a9 a9 36 4f 0f 54 ec
[root at mtz ink]#
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1845218
Title:
--hash argument ignored when creating a luks2 volume
Status in cryptsetup package in Ubuntu:
New
Bug description:
Command used to create a luks2 volume:
cryptsetup luksFormat /dev/loop0 --type luks2 --hash sha512
Output of luksDump shows pbkdf2 is still using sha256
The problem has been resolved in version 2.2.0 cryptsetup:
https://gitlab.com/cryptsetup/cryptsetup/issues/484
[root at mtz ink]# cryptsetup luksDump /dev/loop0
LUKS header information
Version: 2
Epoch: 3
Metadata area: 12288 bytes
UUID: 19642715-0c41-4611-9e1f-f5e3c19888b1
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 4194304 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
0: luks2
Key: 256 bits
Priority: normal
Cipher: aes-xts-plain64
PBKDF: argon2i
Time cost: 4
Memory: 872450
Threads: 4
Salt: 73 63 6a 10 5a a8 48 a6 f8 5a fa 2b 63 52 8e d0
10 64 a1 0f 3a 58 2b c6 59 5a 07 c7 36 77 b5 3c
AF stripes: 4000
Area offset:32768 [bytes]
Area length:131072 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 94705
Salt: 77 ef 94 fa bb ae 54 b6 59 1e b8 75 c0 c1 c0 f9
31 ae 3b 46 95 22 cb 11 0f ac 0a 14 52 22 d3 98
Digest: b1 6c 4d 09 d6 b2 92 d9 64 83 37 23 3f e0 5f c0
81 73 45 ab 34 7f 7e d3 39 a9 a9 36 4f 0f 54 ec
[root at mtz ink]#
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1845218/+subscriptions
More information about the foundations-bugs
mailing list