[pkg-cryptsetup-devel] Bug#715525: No need to sleep after a bad password; cryptsetup handles that securely itself
Josh Triplett
josh at joshtriplett.org
Wed Jul 10 02:22:44 UTC 2013
Package: cryptsetup
Version: 2:1.6.1-1
Severity: normal
File: /usr/share/initramfs-tools/scripts/local-top/cryptroot
The initramfs-tools handling for encrypted root device passphrases has a
"sleep 3" after each failure to enter the correct passphrase, presumably
to deter brute-forcing. However, this is not required. LUKS already
has its own built-in secure delay mechanism inherent in the format, by
using iterated hashing to force a certain amount of work to check a
passphrase (specifically, PBKDF2). Any attempt to brute-force a device
passphrase will necessarily incur that computational delay for each
passphrase checked (calibrated by default to take about 1 second on the
machine that created the encrypted partition), whereas anyone attempting
to brute-force the crypto passphrase would simply remove the sleep call
(and for that matter the whole shell script, and the keyboard input).
So, with that in mind, the sleep 3 has no security value, but it does
serve to add extra annoyance to anyone who mistypes their password.
Please remove it.
- Josh Triplett
More information about the pkg-cryptsetup-devel
mailing list