[pkg-cryptsetup-devel] Bug#714331: Bug#714331: cryptsetup: switch to "more secure" defaults?

Jonas Meurer jonas at freesources.org
Fri Jun 28 10:04:54 UTC 2013


Hello Christoph,

Am 28.06.2013 02:21, schrieb Christoph Anton Mitterer:
> Two places where I think one could switch to more secure defaults:
> 1) /dev/random vs. /dev/urandom
> IIRC (please correct me if I'm wrong)... this was only used during
> device generation (luksFormat), right?
> Apart from devices created in batch mode (and whether this makes sense
> from a security POV is questionable anyway)... it shouldn't hurt then
> if /dev/random blocks, right?
> And the entropy should be much better... especially as this was used
> for the master key if I'm not wrong.

The Debian package doesn't use '/dev/urandom' anywhere. the cryptsetup
binary uses upstreams default, and I don't intend to change that. IIRC,
cryptsetup defaults to '/dev/urandom'. You can decide on your own using
the commandline --use-random and --use-urandom switches.

I guess the reasons for '/dev/urandom' as default are low-entrophy
devices, batch mode and all that. Please discuss this issue upstream in
case that you disagree.

> 2) ciper/modes
> I haven't followed the dm-crypt list that closely recently, but I remember
> Milan was thinking about chaning defaults aes-xts-plain64, right?
> Or has this happened in 1.6?
> 
> Anyway... I would suggest this as a "release goal" for jessy... of
> course with NEWS and release notes infos...
> IIRC the cipher/mode/size defaults were also hardcoded in some of the
> initramfs hooks/scripts and would needed to be adapted there, too.

Your assumption was right. The default cipher for LUKS changed to
aes-xts-plain64 with the release of cryptsetup 1.6.0. In my opionion,
this change doesn't need to be advertised anywhere but in changelog.
LUKS header include the cipher anyway, so no changes needed by users.

It's not that the old default aes-cbc-essiv is considered insecure. If
that was the case, then I would agree that users would need to be warned.

I'm in the process of uploading cryptsetup 1.6.1-1 to unstable btw.

Kind regards,
 jonas



More information about the pkg-cryptsetup-devel mailing list