ubiquity (21.10.4) impish; urgency=medium
[ Didier Roche ]
[ Jean-Baptiste Lallement ]
* Make the recovery key a 48 digits password by default
(LP: 1928860)
* Recovery key is editable and optional.
* Show the recovery key during manual partitioning.
* Display a warning if recovery
** Changed in: ubiquity (Ubuntu Impish)
Milestone: None => ubuntu-21.10
** Changed in: ubiquity (Ubuntu Impish)
Milestone: ubuntu-21.10 => ubuntu-21.10-beta
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Thanks jibel!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928860
Title:
Recovery key is low-entropy
To manage notifications about this bug go to:
This is being worked on. In summary the following changes will be done in 21.10:
- The length of the generated numerical key will be increased to 48 digits
(like bitlocker)
- It will be optional
- It will be editable and accept letters, digits and special characters.
** Changed in: ubiquity
** Changed in: ubiquity (Ubuntu Impish)
Assignee: (unassigned) => Jean-Baptiste Lallement (jibel)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928860
Title:
Recovery key is low-entropy
To
** Tags removed: rls-ii-notfixing
** Also affects: ubiquity (Ubuntu Impish)
Importance: High
Status: Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928860
Title:
Recovery key
** Tags removed: rls-ii-incoming
** Tags added: rls-ii-notfixing
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928860
Title:
Recovery key is low-entropy
To manage notifications about this bug go
Hi all,
LUKS2 (in zys-format invocation of the corresponding cryptsetup
version) uses Argon2i password-based key deriviation function and
automatically tunes the iteration count/memory cost to be under 2000
milliseconds.
Note that this is timed on the target's machine, and attacker's
machines
Thanks Sebastian for the reference; I hunted around the Internet to try
to find references for current 'best' cracking speed for luks2 without
much success. Alex's results are suddenly the best I've seen.
200 years sounds like a long time in isolation but that's also just
spinning up 2000 cloud
Thanks, there are also some discussions on
https://discourse.ubuntu.com/t/ubuntu-21-04-encryption-recovery-key
about the key security which concluded that a brute force attack would
take a very long time to success.
Could you give some details on the 'within capabilities of offline
brute-force
Excellent, thanks Madars. I think you're right, something closer to 80
bits would probably make more sense, and if it were output with base64
rather than a decimal string it might not be significantly harder to
work with.
Thanks
--
You received this bug notification because you are a member of
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928860
Title:
Recovery key is low-entropy
To manage notifications about this bug
12 matches
Mail list logo
