this post was submitted on 23 Jun 2023
10 points (91.7% liked)

netsec - Network Security

379 readers
1 users here now

This is the netsec Community, a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise - to provide value to security practitioners, students, researchers, and hackers everywhere.

Content Guidelines:

Discussion Guidelines:

Prohibited Content:

founded 1 year ago
MODERATORS
 

TIL the French government may have broken encryption on a LUKS-encrypted laptop with a "greater than 20 character" password in April 2023.

When upgrading TAILS today, I saw their announcement changing LUKS from PBKDF2 to Argon2id.

The release announcement above has some interesting back-of-the-envelope calculations for the wall-time required to crack a master key from a LUKS keyslot with PBKDF2 vs Argon2id.

And they also link to Matthew Garrett's article, which describes how to manually upgrade your (non-TAILS) LUKS header to Argon2id.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 year ago

This only matters if your LUKS passphrase is weak, but not so weak as to be trivial. Changing KDF will help mitigate that, for such borderline passphrases only. Picking a better passphrase (I'd say 8+ Diceware words, 10 for security equal to the underlying encryption) eliminates the issue.