netsec - Network Security

408 readers

1 users here now

This is the netsec Community, a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise - to provide value to security practitioners, students, researchers, and hackers everywhere.

Content Guidelines:

Content should focus on the "How".
Always try to link to the original source.
Titles should provide context.
Ask Questions with a "[Question]" prefix in the Title.
Hiring Posts must go in the [Hiring] (stickied) Threads.
Commercial advertisement is discouraged.

Discussion Guidelines:

Don't create unnecessary conflict.
No trolling allowed, limit the use of jokes and memes.
Don't complain about content being a PDF.
Be nice to each other, everybody started somewhere.

Prohibited Content:

No populist news articles (CNN, BBC, FOX, etc)
No curated lists.
No social media posts (Facebook, Twitter, etc).
No image-only/video-only posts.
No livestreams.
No Tech Support requests.
No paywalled/regwalled content (use archive.is if possible?)
No commercial advertisement.
No crowdfunding posts.
No personally identifiable information.
No doxxing, and no harrassment of any kind.

founded 2 years ago

MODERATORS

[email protected]

PSA: Upgrade your LUKS PBKDF to Argon2id !! (tails.boum.org)

submitted 2 years ago by [email protected] to c/[email protected]

4 comments fedilink hide all child comments

TIL the French government may have broken encryption on a LUKS-encrypted laptop with a "greater than 20 character" password in April 2023.

https://nantes.indymedia.org/posts/87395/une-lettre-divan-enferme-a-la-prison-de-villepinte-perquisitions-et-disques-durs-dechiffres/

When upgrading TAILS today, I saw their announcement changing LUKS from PBKDF2 to Argon2id.

https://tails.boum.org/security/argon2id/index.en.html

The release announcement above has some interesting back-of-the-envelope calculations for the wall-time required to crack a master key from a LUKS keyslot with PBKDF2 vs Argon2id.

And they also link to Matthew Garrett's article, which describes how to manually upgrade your (non-TAILS) LUKS header to Argon2id.

https://mjg59.dreamwidth.org/66429.html

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 4 hours ago

Size matters... but only to a certain point! I've cracked longer ones from e.g. the LinkedIn password dump for a school project

The reason this works is because they're not random characters. People use 111111(etc.) as password (perhaps because it's funny), repetitions of shorter passwords, a phrase that can be found on Wikipedia or elsewhere ("Maryhadalittlelamb" — for some reason people always remove the spaces, even if they write it down with spaces on paper when putting e.g. the WiFi password on a whiteboard! Drives me mad), words optionally with leet$p3ak (words are about half as random per character as random characters are, and that's assuming people would pick entirely random words), and other predictable things

The number of characters is thus rather meaningless for the password strength, besides calculating a lower bound

I'd say:

Use a randomly generated password. Memorise only a few, like for your disk encryption, password manager, bank login, and probably a few others. It's a bit more difficult than memorising a mobile phone number but not by much
Make sure it's random enough, usually measured in bits. More is better, I forgot what we expect a (non-quantum) computer to be able to do exactly in 20 years but it's on the order of 80 bits, which would be ceil(log(2^(80))/log(26+26+10))=14 characters when you use lowercase letters, uppercase letters, and digits, or ceil(log(2^(80))/log(6667))=7 Diceware words if I remember correctly that the dictionary contains 6667 words. Adjust to the character set or dictionary you use and the desired strength
Use it regularly. You'll forget ones you've not used for several months. Don't want that to happen to my 2FA token backup, for example. If you don't naturally use them regularly, set reminders to check it, or store the password in a safe place if possible (offline, and perhaps look into secret sharing schemes for this)

If you know something will use a strong password hashing function like Bcrypt or Argon2, especially if you can set a good number of rounds/memory to be used, the requirements can be relaxed but I find it easier to have a few definitely-secure passwords than to try to seek out the edge of what's safe

When you use a TPM or HSM or whatever a given variant is called (like a smartcard), such that you can only do a limited number of attempts in the first place, a few digits may be enough for your needs (PIN code). Mobile phones and modern computers often have these, but they're also often broken. Needs physical access though, so it again depends on what kind of threats you think are realistic for your situation

Do switch to Argon2 in LUKS, but not out of fear please. Know that your password is good based on the maths and then upgrade at leisure :)