[Bug 1928860] Re: Recovery key is low-entropy
Seth Arnold
1928860 at bugs.launchpad.net
Thu May 20 20:20:46 UTC 2021
Thanks Sebastian for the reference; I hunted around the Internet to try
to find references for current 'best' cracking speed for luks2 without
much success. Alex's results are suddenly the best I've seen.
200 years sounds like a long time in isolation but that's also just
spinning up 2000 cloud instances for a month: Expensive but not
impossible. Furthermore, many of these attacks parallelize across
multiple targets *very* cheaply -- I do not know if luks2 bruteforcing
is the same -- but it's quite often only slightly more expensive to
search for hundreds or millions at the same time.
That's why I thought the 53 bits Madar reports or the 64 bits that I
thought I saw via code inspection didn't feel like they were long
enough.
Thanks
--
https://bugs.launchpad.net/bugs/1928860
Title:
Recovery key is low-entropy
Status in ubiquity package in Ubuntu:
Confirmed
Bug description:
Ubuntu 21.04 Desktop ISO includes the Ubiquity installer, which offers the
user the option to set up full-disk encryption. In this set-up a recovery key is
automatically generated and added to the system.
The recovery key is 16 decimal digits, or ~53.2 bits of entropy, so it is
within the capabilities of offline brute-force attacks for well-resourced
attackers.
To confirm, the key is generated here:
https://git.launchpad.net/ubuntu/+source/ubiquity/tree/ubiquity/plugins
/ubi-partman.py#n306 and used here:
https://git.launchpad.net/ubuntu/+source/ubiquity/tree/scripts/plugininstall.py#n915
(see also the attached screenshot).
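The entropy arithmetic behind the report, and a generator sized from a target bit count rather than a fixed digit count, as an added example (this is not ubiquity's code; the page only links to that generator). The 4-digit grouping, the base32 alphabet and the guess-rate parameters are assumptions for illustration; the page gives no measured cracking rate.

```python
import math
import secrets
import string

DIGITS = string.digits
# RFC 4648 base32 alphabet; an assumed alternative, not what ubiquity uses
BASE32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def key_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a key of `length` symbols drawn uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def symbols_needed(alphabet_size: int, target_bits: float) -> int:
    """Smallest symbol count whose uniform keyspace reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_recovery_key(target_bits: float, alphabet: str = DIGITS,
                          group: int = 4) -> str:
    """Generate a recovery key with at least `target_bits` of entropy.

    Uses the `secrets` module (CSPRNG), never `random`. Symbols are grouped
    with '-' for readability; the separator carries no entropy.
    """
    length = symbols_needed(len(alphabet), target_bits)
    raw = "".join(secrets.choice(alphabet) for _ in range(length))
    return "-".join(raw[i:i + group] for i in range(0, len(raw), group))


def entropy_of_key(key: str, alphabet: str = DIGITS) -> float:
    """Entropy a uniformly generated key of this shape has (separators ignored)."""
    symbols = [c for c in key if c in alphabet]
    return key_entropy_bits(len(alphabet), len(symbols))


def expected_crack_years(bits: float, guesses_per_second: float,
                         parallel_instances: int = 1) -> float:
    """Expected time to recover one key: half the keyspace, split across workers.

    `guesses_per_second` is per instance and is an assumed input, not a
    measured LUKS2 rate. This models a single-target search; searching many
    targets at once can be far cheaper, which the keyspace size alone hides.
    """
    expected_guesses = (2 ** bits) / 2
    seconds = expected_guesses / (guesses_per_second * parallel_instances)
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print(f"16 decimal digits: {key_entropy_bits(10, 16):.2f} bits")
    print(f"digits for 128 bits: {symbols_needed(10, 128)}")
    print(f"base32 symbols for 128 bits: {symbols_needed(32, 128)}")
    print("example 128-bit digit key:", generate_recovery_key(128))
    # Assumed rate chosen only to show the parallelism point from the thread:
    # 200 years on one instance is about a month on 2000 instances.
    rate = (2 ** 53.15 / 2) / (200 * 365.25 * 24 * 3600)
    print(f"1 instance: {expected_crack_years(53.15, rate):.0f} years")
    print(f"2000 instances: {expected_crack_years(53.15, rate, 2000) * 365.25:.1f} days")
```

The point the functions make concrete: 16 digits is ~53 bits because each digit contributes log2(10) ≈ 3.32 bits, so reaching 128 bits with decimal digits needs 39 digits, while a base32 alphabet gets there in 26 symbols. The time estimate scales linearly with the number of instances, which is why a keyspace that looks safe for one attacker machine is not a safe margin.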