guix-devel

Re: PSA for LUKS users


From: Jonathan Brielmaier
Subject: Re: PSA for LUKS users
Date: Thu, 20 Apr 2023 11:32:46 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0

On 20.04.23 at 06:03, Vagrant Cascadian wrote:
> On 2023-04-19, Felix Lechner via wrote:
>> Given the broad popularity of LUKS full-disk encryption among our
>> fellow Guix users, I thought the community might appreciate reading
>> about potentially weak key-derivation functions in older LUKS
>> installations. [1]
>>
>> The article even offers fixes, although I cannot say whether your
>> system will boot after you follow the steps since I do not use LUKS
>> personally. Stay safe!
>> ...
>> [1] https://mjg59.dreamwidth.org/66429.html

> In short, those instructions will almost certainly break Guix System!

Can confirm :) At least the described backup & restore procedure does work.

I also think that our cryptsetup is quite old, so I built a patch for
updating: https://issues.guix.gnu.org/62960

> While recent grub2 finally has limited support for luks2, it only
> supports the weaker KDF (key derivation function) (PBKDF2?), as I
> understand it, though would be happy to be proven wrong!

The support seems pretty limited, as I only updated the LUKS version of
my root-partition to version 2 (still PBKDF) and it already refused to
boot...

~Jonathan
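
To check which LUKS version and per-keyslot KDF a header carries (the PBKDF2 question raised in this thread), the header can be parsed directly. This is an added example, not code from the thread or from cryptsetup; the function names and the constructed sample headers are assumptions, and the offsets follow the LUKS1 and LUKS2 on-disk header layouts.

```python
import json
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
LUKS1_SLOT_ACTIVE = 0x00AC71F3   # LUKS1 marker for an enabled keyslot
LUKS2_BIN_HDR = 4096             # LUKS2 binary header; JSON metadata follows

def luks_keyslot_kdfs(header: bytes):
    """Return (luks_version, {slot_number: kdf_name}) for a primary header."""
    if header[:6] != LUKS_MAGIC:
        raise ValueError("not a LUKS header")
    (version,) = struct.unpack_from(">H", header, 6)
    if version == 1:
        # LUKS1 offers no KDF choice: every enabled slot is PBKDF2.
        slots = {}
        for i in range(8):  # 8 slots of 48 bytes, starting at offset 208
            (active,) = struct.unpack_from(">I", header, 208 + 48 * i)
            if active == LUKS1_SLOT_ACTIVE:
                slots[i] = "pbkdf2"
        return 1, slots
    if version == 2:
        # hdr_size covers the binary header plus the NUL-padded JSON area.
        (hdr_size,) = struct.unpack_from(">Q", header, 8)
        raw = header[LUKS2_BIN_HDR:hdr_size].split(b"\0", 1)[0]
        meta = json.loads(raw)
        return 2, {int(n): s["kdf"]["type"] for n, s in meta["keyslots"].items()}
    raise ValueError(f"unsupported LUKS version {version}")

def pbkdf2_only(header: bytes) -> bool:
    """True when every keyslot is PBKDF2, the KDF discussed in this thread."""
    return all(k == "pbkdf2" for k in luks_keyslot_kdfs(header)[1].values())

def sample_luks1() -> bytes:
    """Constructed LUKS1 header: slot 0 enabled, the rest zeroed."""
    hdr = bytearray(592)
    hdr[:8] = LUKS_MAGIC + b"\x00\x01"
    struct.pack_into(">I", hdr, 208, LUKS1_SLOT_ACTIVE)
    return bytes(hdr)

def sample_luks2(kdf: str) -> bytes:
    """Constructed LUKS2 header with one keyslot using the given KDF."""
    js = json.dumps({"keyslots": {"0": {"type": "luks2", "kdf": {"type": kdf}}}})
    hdr = bytearray(16384)
    hdr[:16] = LUKS_MAGIC + struct.pack(">HQ", 2, len(hdr))
    hdr[LUKS2_BIN_HDR:LUKS2_BIN_HDR + len(js)] = js.encode()
    return bytes(hdr)
```

On a real system the input would be the start of a header backup file; `cryptsetup luksDump` reports the same version and PBKDF fields.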


