[pkg-cryptsetup-devel] Bug#949336: integritysetup: HMAC(SHA256) key truncated to 106/114bytes in standalone mode

Guilhem Moulin guilhem at debian.org
Tue Jun 8 13:46:19 BST 2021


Hi Jonas!

On Mon, 07 Jun 2021 at 21:54:50 +0200, Jonas Meurer wrote:
>> I'm not sure what the best way to proceed for Bullseye is.  Jonas,
>> what's your take about this?
> 
> First sorry for not responding earlier. I simply missed this mail in my
> backlog :-/

No worries!

> I would suggest taking the most pragmatic approach and not caring about
> this corner case. Given that no stable release ever shipped with a faulty
> integritysetup and that I would expect every user who ran unstable/testing
> back when keys had 106 bytes to still run unstable/testing, let's just keep
> it the way it is, no?

Great, then we're on the same page :-)  That's a good summary; AFAIK the
only report so far is this bug from nbf, who is using a 106-byte
truncation, and with that key size Bullseye's integritysetup isn't more
broken than Buster's.  So let's skip this for 11.0 and maybe revisit
later via s-p-u if need be.

Thanks for the feedback!
-- 
Guilhem.