PSA: Upgrade your LUKS PBKDF to Argon2id !! (tails.boum.org)

submitted 1 year ago by maltfield@lemmy.ca to c/cybersecurity@lemmy.pro

4 comments fedilink hide all child comments

TIL the French government may have broken encryption on a LUKS-encrypted laptop with a "greater than 20 character" password in April 2023.

https://nantes.indymedia.org/posts/87395/une-lettre-divan-enferme-a-la-prison-de-villepinte-perquisitions-et-disques-durs-dechiffres/

When upgrading TAILS today, I saw their announcement changing LUKS from PBKDF2 to Argon2id.

https://tails.boum.org/security/argon2id/index.en.html

The release announcement above has some interesting back-of-the-envelope calculations for the wall-time required to crack a master key from a LUKS keyslot with PBKDF2 vs Argon2id.

And they also link to Matthew Garrett's article, which describes how to manually upgrade your (non-TAILS) LUKS header to Argon2id.

https://mjg59.dreamwidth.org/66429.html

top 4 comments

sorted by: hot top controversial new old

[-] administrator@lemmy.pro 2 points 1 year ago

Aye, important info thank you

[-] maltfield@lemmy.ca 1 points 1 year ago

[-] grey@discuss.tchncs.de 1 points 1 year ago

I don’t use LUKS because I found it to be too much trouble, but if they broke the crypto on LUKS doesn’t that mean a lot of shit out there is vulnerable and not just LUKS encrypted hard drives?

[-] maltfield@lemmy.ca 1 points 1 year ago

LUKS is not broken. An old KDF option in LUKS for encrypting the master encryption key in a keyslot is just old and less safe than newer, better KDF options.

this post was submitted on 23 Jun 2023

3 points (100.0% liked)

Cybersecurity

13 readers

1 users here now

All about cybersecurity. Be nice, no spam!

founded 1 year ago

MODERATORS

administrator@lemmy.pro