TIL the French government may have broken encryption on a LUKS-encrypted laptop with a “greater than 20 character” password in April 2023.

When upgrading TAILS today, I saw their announcement changing LUKS from PBKDF2 to Argon2id.

The release announcement above has some interesting back-of-the-envelope calculations for the wall-time required to crack a master key from a LUKS keyslot with PBKDF2 vs Argon2id.

And they also link to Matthew Garrett’s article, which describes how to manually upgrade your (non-TAILS) LUKS header to Argon2id.

grey
link
fedilink
-11Y

I don’t use LUKS because I found it to be too much trouble, but if they broke the crypto on LUKS doesn’t that mean a lot of shit out there is vulnerable and not just LUKS encrypted hard drives?

@maltfield@lemmy.ca
creator
link
fedilink
31Y

LUKS is not broken. An old KDF option in LUKS for encrypting the master encryption key in a keyslot is just old and less safe than newer, better KDF options.

Create a post
  • 0 users online
  • 1 user / day
  • 2 users / week
  • 7 users / month
  • 16 users / 6 months
  • 1 subscriber
  • 51 Posts
  • 326 Comments
  • Modlog