~alpine/devel

lbu encryption does not use modern pbkdf

Daniel Gray
Message ID
<20200508132146.guf4e4aoxpibmmls@disroot.org>
Hi,

When uncommenting ENCRYPTION=$DEFAULT_CIPHER in /etc/lbu/lbu.conf and
then committing I noticed this error:

enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

lbu should probably be updated to use a modern key derivation function
with a suitable number of rounds.

Thoughts?

I suppose changing it there would be the concern of backwards
compatibility.

If I remember correctly Cryptsetup 2.0 changed to Argon:
https://www.saout.de/pipermail/dm-crypt/2017-December/005771.html

I posted an issue about it on the bug tracker:
https://gitlab.alpinelinux.org/alpine/alpine-conf/-/issues/10457

However it was mentioned in #alpine-linux that I should also post it to
the devel mailing list for discussion.

-- 
Daniel Gray (dng) 0x41911F722B0F9AE3
https://social.privacytools.io/@dngray
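
Added example, not part of the original message and not lbu's code: the warning quoted above is printed by OpenSSL's enc command, and this Python sketch shows the two key derivations it is contrasting for aes-256-cbc, plus why compatibility is awkward (the salted file header does not record which one was used). Function names, the sample file and the password are constructed; SHA-256 as the digest and 10000 as the iteration count are assumed to match the defaults of an OpenSSL release that prints this warning.

```python
import hashlib

MAGIC = b"Salted__"        # header openssl enc writes, followed by an 8-byte salt
KEY_LEN, IV_LEN = 32, 16   # aes-256-cbc, the cipher named in the prompt


def split_header(blob):
    """Return (salt, ciphertext) from a salted openssl-enc style file."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a salted openssl enc file")
    return blob[8:16], blob[16:]


def legacy_kdf(password, salt, digest="sha256"):
    """EVP_BytesToKey with count=1: the derivation the warning calls deprecated.

    Each output block is one hash of (previous block + password + salt),
    so a password guess costs only two hash calls for key plus IV.
    """
    material, block = b"", b""
    while len(material) < KEY_LEN + IV_LEN:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:KEY_LEN], material[KEY_LEN:KEY_LEN + IV_LEN]


def pbkdf2_kdf(password, salt, iterations=10000, digest="sha256"):
    """What -pbkdf2 / -iter select: PBKDF2-HMAC output, key first, then IV."""
    material = hashlib.pbkdf2_hmac(digest, password, salt, iterations,
                                   KEY_LEN + IV_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


def candidate_keys(blob, password, iterations=10000):
    """The header is identical for both KDFs, so a reader that must stay
    compatible with old files has to try both (or be told out of band)."""
    salt, _ = split_header(blob)
    return {"legacy": legacy_kdf(password, salt),
            "pbkdf2": pbkdf2_kdf(password, salt, iterations)}


if __name__ == "__main__":
    # Constructed sample: fixed salt and dummy ciphertext, not a real backup.
    sample = MAGIC + bytes(range(8)) + b"\x00" * 16
    for name, (key, iv) in candidate_keys(sample, b"example-password").items():
        print(name, key.hex(), iv.hex())
```
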