This only matters if your LUKS passphrase is weak, but not so weak as to be trivial. Changing KDF will help mitigate that, for such borderline passphrases only. Picking a better passphrase (I'd say 8+ Diceware words, 10 for security equal to the underlying encryption) eliminates the issue.
this post was submitted on 23 Jun 2023
10 points (91.7% liked)
netsec - Network Security
384 readers
1 users here now
This is the netsec Community, a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise - to provide value to security practitioners, students, researchers, and hackers everywhere.
Content Guidelines:
- Content should focus on the "How".
- Always try to link to the original source.
- Titles should provide context.
- Ask Questions with a "[Question]" prefix in the Title.
- Hiring Posts must go in the [Hiring] (stickied) Threads.
- Commercial advertisement is discouraged.
Discussion Guidelines:
- Don't create unnecessary conflict.
- No trolling allowed, limit the use of jokes and memes.
- Don't complain about content being a PDF.
- Be nice to each other, everybody started somewhere.
Prohibited Content:
- No populist news articles (CNN, BBC, FOX, etc)
- No curated lists.
- No social media posts (Facebook, Twitter, etc).
- No image-only/video-only posts.
- No livestreams.
- No Tech Support requests.
- No paywalled/regwalled content (use archive.is if possible?)
- No commercial advertisement.
- No crowdfunding posts.
- No personally identifiable information.
- No doxxing, and no harrassment of any kind.
founded 1 year ago
MODERATORS
I don’t use LUKS because I found it to be too much trouble, but if they broke the crypto on LUKS doesn’t that mean a lot of shit out there is vulnerable and not just LUKS encrypted hard drives?
LUKS is not broken. An old KDF option in LUKS for encrypting the master encryption key in a keyslot is just old and less safe than newer, better KDF options.