[Bug 448918] Re: Insecure Cryptsetup defualts

ubuntu-crypto davexthc at gmail.com
Sun Oct 11 19:02:20 UTC 2009 

** Description changed:

  Binary package hint: cryptsetup
  
- The current version of cryptsetup only supports SHA1 for hashing passwords, this is very insecure cryptsetup 1.1.10rc2 fixes this problem. ( http://code.google.com/p/cryptsetup/downloads/list ) I know it is a Release Candidate, however I have thoroughly tested it, it is fully backwards-compatible, and has no bugs that i was able to detect, i even hacked at the LUKS header to see if it was *really * hashing the password with SHA512 (also tested with Whirlpool ans SHA256). Also the cbc-essiv mode is considered insecure compared to the new XTS mode, however I have seen no attacks on ESSIV. The new cryptsetup also adds an interesting feature: luksSuspend, it suspends active device (all IO operations are frozen) and wipes encryption key from kernel. Kernel  version 2.6.19 or later is required. This is very useful for suspending and hibernating a system ,especially a laptop so there is no risk of cold-boot. Anyway for cryptsetup I recommend these options (after a mailstorm with its developers , the Linux crypto mailing archive, chat in ##crypto, white papers, contact with the XTS kernel module developer, and even brief contact with Bruce Schneier. For cryptsetup 1.0.7 : cryptsetup -y  -i 15 -s 512 -h ripemd160 -c  aes-xts-benbi luksFormat /dev/sda5 [xts-benbi is the proper way to use XTS according to the developer of the module]  With cryptsetup 1.1.0rc2+ : cryptsetup -y  -i 15 -s 512 -h sha512 -c  aes-xts-benbi luksFormat /dev/sda5 
+ The current version of cryptsetup only supports SHA1 for hashing passwords, this is very insecure cryptsetup 1.1.10rc2 fixes this problem. ( http://code.google.com/p/cryptsetup/downloads/list ) I know it is a Release Candidate, however I have thoroughly tested it, it is fully backwards-compatible, and has no bugs that i was able to detect, i even hacked at the LUKS header to see if it was *really * hashing the password with SHA512 (also tested with Whirlpool ans SHA256). Also the cbc-essiv mode is considered insecure compared to the new XTS mode, however I have seen no attacks on ESSIV. The new cryptsetup also adds an interesting feature: luksSuspend, it suspends active device (all IO operations are frozen) and wipes encryption key from kernel. Kernel  version 2.6.19 or later is required. This is very useful for suspending and hibernating a system ,especially a laptop so there is no risk of cold-boot. Anyway for cryptsetup I recommend these options (after a mailstorm with its developers , the Linux crypto mailing archive, chat in ##crypto, white papers, contact with the XTS kernel module developer, and even brief contact with Bruce Schneier. For cryptsetup 1.0.7 : cryptsetup -y  -i 15 -s 512 -h ripemd160 -c  aes-xts-benbi luksFormat /dev/sda5 [xts-benbi is the proper way to use XTS according to the developer of the module]  With cryptsetup 1.1.0rc2+ : cryptsetup -y  -i 15 -s 512 -h sha512 -c  aes-xts-benbi luksFormat /dev/sda5
  Explanation : "-i 15" The  number  of  milliseconds to spend with PBKDF2 password processing.  Increasing the time will lead to a  more  secure  password,  but also will take luksOpen longer to complete. This will help with weak passwords, the bigger the -i value the more  computing power it takes to use a brute-force attack.
  
  Additional notes: Where is the option to fill the encrypted LVM with
  /dev/urandom when done? This is critical ! Also is "zero" option to zero
  the disk before encrypting it, to get red of the sensitive data. (After
  all, what use is encryption when the files can be recovered by any
  scriptkiddie?)

-- 
Insecure Cryptsetup defualts
https://bugs.launchpad.net/bugs/448918
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list