[pkg-cryptsetup-devel] Bug#714331: Bug#714331: Bug#714331: cryptsetup: switch to "more secure" defaults?

Christoph Anton Mitterer calestyo at scientia.net
Fri Jun 28 22:22:29 UTC 2013 

On Fri, 2013-06-28 at 23:24 +0200, Jonas Meurer wrote:
> Ok, indeed the examples could be changed to use xts. Feel free to
> provide a patch. I'll happily accept it.
Attached... see the header for the exact changes and intentions and
complain if it's not okay.

I could write two more patches:
1) That changes all keyscript=/lib/cryptsetup/../name to just
keyscript=name ... I think that's supported for keyscripts shipped with
cryptsetup.

2) I'd recommend to replace all /dev/sd[letter][number] or
hd[letter][number] by "/dev/sdaN".
Why?
- AFAIK, hd is no longer used in the current kernels (I guess the old
non libata based IDE drivers were even dropped)...
- literally using "N" instead of an example number... reduces the risk
that someone accidentally copies&pastes these examples and cause real
harm.

Choose what you'd like and I make patches.


Chris.
-------------- next part --------------
In (nearly) all places where essiv or cipher occured in debian/
* Used cipher=aes-xts-plain64,size=512,hash=sha512 instead of previous value.
  This is not cryptsetup's default, which still seem to use AES128 (and therefore size=256)
  and SHA1.
  If you want it exactly to be upstream default just ask for another patch.
* Used one ordering: cipher, size, hash


In one place, twofish was used as an explicit different example. This wasn't changed
but:
* Documented also the hash algo that was different from default.
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -66,7 +66,7 @@
  You'll have to add an entry for every swap partition in /etc/crypttab. Be
 sure toeplace the source device (here /dev/hda9) with your swap devices:
 # <target name> <source device>	<key file>	<options>
-cswap1		/dev/hda9	/dev/urandom	swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
+cswap1		/dev/hda9	/dev/urandom	swap,cipher=aes-xts-plain64,size=512,hash=sha512
 
  Now you need to change the swap devices in /etc/fstab to the encrypted swap
 device names (/dev/mapper/cswap1 in this example).
--- a/debian/README.initramfs
+++ b/debian/README.initramfs
@@ -47,7 +47,7 @@
 First of all, you must edit /etc/crypttab and add a line describing your
 root device, for example:
 
-  cryptroot /dev/hda2 none cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
+  cryptroot /dev/hda2 none cipher=aes-xts-plain64,size=512,hash=sha512
 
 This will allow cryptsetup to create /dev/mapper/cryptroot from the 
 encrypted partition /dev/hda2 during boot.
@@ -129,7 +129,7 @@
 one mapping needs to be setup in the initramfs stage of the boot.
 
 Example boot arguments:
-root=/dev/mapper/crypt0 cryptopts=target=crypt0,source=/dev/hda1,cipher=twofish
+root=/dev/mapper/crypt0 cryptopts=target=crypt0,source=/dev/hda1,cipher=aes-xts-plain64,size=512,hash=sha512
 
 8. Resume device support
 ------------------------
@@ -161,7 +161,7 @@
 1) swapoff -a
 2) cryptsetup luksClose cryptswap
 3) edit /etc/crypttab and change the cryptswap line to e.g.:
-cryptswap /dev/hda2 cryptroot cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,keyscript=/lib/cryptsetup/scripts/decrypt_derived,swap
+cryptswap /dev/hda2 cryptroot cipher=aes-xts-plain64,size=512,hash=sha512,keyscript=/lib/cryptsetup/scripts/decrypt_derived,swap
 4) /etc/init.d/cryptdisks start
 5) Make sure that /dev/mapper/cryptswap has been created
 6) swapon -a
@@ -194,7 +194,7 @@
 /dev/disk/*, e.g. /dev/disk/by-label/myusbkey.
 
 This is an example of a suitable line in cryptsetup:
-cryptroot /dev/hda2 /dev/disk/by-label/myusbkey:/keys/root.key cipher=aes-cbc-essiv:sha256,size=256,hash=plain,keyscript=/lib/cryptsetup/scripts/passdev
+cryptroot /dev/hda2 /dev/disk/by-label/myusbkey:/keys/root.key cipher=aes-xts-plain64,size=512,hash=sha512,keyscript=/lib/cryptsetup/scripts/passdev
 
 The above line would cause the boot to pause until /dev/disk/by-label/myusbkey
 appears in the fs, then mount that device and use the file /keys/root.key
--- a/debian/doc/crypttab.xml
+++ b/debian/doc/crypttab.xml
@@ -416,23 +416,23 @@
   <para>
    <screen>
 # Encrypted swap device
-cswap /dev/sda6 /dev/urandom cipher=aes-cbc-essiv:sha256,hash=ripemd160,size=256,swap
+cswap /dev/sda6 /dev/urandom cipher=aes-xts-plain64,size=512,hash=sha512,swap
     
 # Encrypted LUKS disk with interactive password, identified by UUID
 cdisk0 UUID=12345678-9abc-def012345-6789abcdef01 none luks
     
 # Encrypted ext4 disk with interactive password
 # - retry 5 times if the check fails
-cdisk1 /dev/sda2 none cipher=aes-cbc-essiv:sha256,hash=ripemd160,size=256,checkargs=ext4,tries=5
+cdisk1 /dev/sda2 none cipher=aes-xts-plain64,size=512,hash=sha512,checkargs=ext4,tries=5
 
 # Encrypted disk with interactive password
 # - use a nondefault check script
 # - no retries
-cdisk2 /dev/hdc1 none cipher=aes-cbc-essiv:sha256,hash=ripemd160,size=256,check=customscript,tries=1
+cdisk2 /dev/hdc1 none cipher=aes-xts-plain64,size=512,hash=sha512,check=customscript,tries=1
 
 # Encrypted disk with interactive password
-# - twofish as the cipher
-cdisk3 /dev/sda3 none cipher=twofish,hash=ripemd160,size=256
+# - twofish as the cipher, RIPEMD160 as the hast
+cdisk3 /dev/sda3 none cipher=twofish,size=256,hash=ripemd160
    </screen>
   </para>
  </refsect1>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5113 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20130629/af2130d5/attachment.bin>

More information about the pkg-cryptsetup-devel mailing list