Date: Fri, 8 May 2020 13:21:46 +0000
From: Daniel Gray
To: ~alpine/devel@lists.alpinelinux.org
Subject: lbu encryption does not use modern pbkdf
Message-ID: <20200508132146.guf4e4aoxpibmmls@disroot.org>

Hi,

When uncommenting ENCRYPTION=$DEFAULT_CIPHER in /etc/lbu/lbu.conf and then
committing I noticed this error:

enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

lbu should probably be updated to use a modern key derivation function with a
suitable number of rounds.

Thoughts? I suppose changing it there would be the concern of backwards
compatibility.

If I remember correctly Cryptsetup 2.0 changed to Argon:
https://www.saout.de/pipermail/dm-crypt/2017-December/005771.html

I posted an issue about it on the bug tracker:
https://gitlab.alpinelinux.org/alpine/alpine-conf/-/issues/10457

However it was mentioned in #alpine-linux that I should also post it to the
devel mailing list for discussion.

-- 
Daniel Gray (dng)
0x41911F722B0F9AE3
https://social.privacytools.io/@dngray
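
The warning quoted in the message above is the one openssl enc prints when it derives the key without -pbkdf2 or -iter. The following is an added example, not part of the original message and not lbu code: it reproduces both derivations for aes-256-cbc so the difference in work per password guess is visible. It assumes the SHA-256 digest and the 10000-iteration count that openssl uses by default with -pbkdf2, and the passphrase and salt are constructed sample values.

```python
import hashlib
import os

KEY_LEN, IV_LEN = 32, 16   # aes-256-cbc key and IV sizes in bytes
MAGIC = b"Salted__"        # header openssl enc writes before the 8-byte salt


def legacy_evp_bytes_to_key(password: bytes, salt: bytes, digest: str = "sha256"):
    """Deprecated derivation (EVP_BytesToKey, count=1): one hash pass per block."""
    material, block = b"", b""
    while len(material) < KEY_LEN + IV_LEN:
        # Each block is H(previous_block || password || salt), with no stretching.
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:KEY_LEN], material[KEY_LEN:KEY_LEN + IV_LEN]


def pbkdf2_key_iv(password: bytes, salt: bytes, iterations: int = 10000,
                  digest: str = "sha256"):
    """Derivation selected by -pbkdf2 / -iter: PBKDF2-HMAC output split into key, IV."""
    material = hashlib.pbkdf2_hmac(digest, password, salt, iterations,
                                   KEY_LEN + IV_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


def read_salt(blob: bytes) -> bytes:
    """Return the 8-byte salt from the start of salted openssl enc output."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no 'Salted__' header: unsalted or not openssl enc output")
    return blob[8:16]


def hash_calls_per_guess(iterations=None, digest: str = "sha256") -> int:
    """Hash (legacy) or HMAC (PBKDF2) invocations needed to test one password."""
    size = hashlib.new(digest).digest_size
    blocks = -(-(KEY_LEN + IV_LEN) // size)   # ceiling division
    return blocks if iterations is None else blocks * iterations


if __name__ == "__main__":
    password = b"constructed-example-passphrase"   # constructed sample value
    header = MAGIC + os.urandom(8)                 # constructed header, no ciphertext
    salt = read_salt(header)
    print("legacy key:", legacy_evp_bytes_to_key(password, salt)[0].hex())
    print("pbkdf2 key:", pbkdf2_key_iv(password, salt)[0].hex())
    print("calls per guess:", hash_calls_per_guess(), "vs", hash_calls_per_guess(10000))
```

Because the two derivations give different keys for the same passphrase and salt, an archive written with one cannot be decrypted with the other, which is the backwards-compatibility concern raised in the message.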