[Bug 1928860] Re: Recovery key is low-entropy
Sebastien Bacher
1928860 at bugs.launchpad.net
Thu May 20 08:16:15 UTC 2021
Thanks, there are also some discussions on
https://discourse.ubuntu.com/t/ubuntu-21-04-encryption-recovery-key
about the key security which concluded that a brute force attack would
take a very long time to succeed.
Could you give some details on the 'within capabilities of offline
brute-force attacks for well-resourced attackers' statement? Did you
disagree with the finding from Alex on the post mentioned before?
** Tags added: hirsute impish rls-ii-incoming
** Changed in: ubiquity (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1928860
Title:
Recovery key is low-entropy
Status in ubiquity package in Ubuntu:
Confirmed
Bug description:
Ubuntu 21.04 Desktop ISO includes Ubiquity installer which offers the
user to set up full-disk encryption. In this set-up a recovery key is
automatically generated and added to the system.
The recovery key is 16 decimal digits or ~53.2 bits of entropy so
within capabilities of offline brute-force attacks for well-resourced
attackers.
To confirm, the key is generated here:
https://git.launchpad.net/ubuntu/+source/ubiquity/tree/ubiquity/plugins/ubi-partman.py#n306
and used here:
https://git.launchpad.net/ubuntu/+source/ubiquity/tree/scripts/plugininstall.py#n915
(see also the attached screenshot).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1928860/+subscriptions