this post was submitted on 23 Jun 2023
14 points (100.0% liked)

Linux

1925 readers
15 users here now

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
14
PSA: Upgrade your LUKS PBKDF to Argon2id! (tails.boum.org)
submitted 1 year ago by [email protected] to c/[email protected]
4 comments fedilink hide all child comments
 

TIL the French government may have broken encryption on a LUKS-encrypted laptop with a "greater than 20 character" password in April 2023.

When upgrading TAILS today, I saw their announcement changing LUKS from PBKDF2 to Argon2id.

The release announcement above has some interesting back-of-the-envelope calculations for the wall-time required to crack a master key from a LUKS keyslot with PBKDF2 vs Argon2id.

And they also link to Matthew Garrett's article, which describes how to manually upgrade your (non-TAILS) LUKS header to Argon2id.

top 4 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 1 year ago

See also https://anarchistburecross.noblogs.org/post/2023/04/27/chiffrement-du-disque-dur-linux-mettez-a-niveau-votre-fonction-de-derivation-de-cle-luks/

[–] [email protected] 2 points 1 year ago

Thanks for the links and advice. They were good to read.

[–] [email protected] -1 points 1 year ago (1 children)

I don’t use LUKS because I found it to be too much trouble, but if they broke the crypto on LUKS doesn’t that mean a lot of shit out there is vulnerable and not just LUKS encrypted hard drives?

[–] [email protected] 3 points 1 year ago

LUKS is not broken. An old KDF option in LUKS for encrypting the master encryption key in a keyslot is just old and less safe than newer, better KDF options.