[pkg-cryptsetup-devel] Bug#949336: integritysetup: volume formatted with 2.0.4 might not open with ≥2.0.5 (different key truncation)

Guilhem Moulin guilhem at debian.org
Fri May 14 13:38:35 BST 2021


Control: retitle -1 integritysetup: HMAC(SHA256) key truncated to 106/114bytes in standalone mode
Control: severity -1 important

On Thu, 13 May 2021 at 17:46:26 +0200, Guilhem Moulin wrote:
> Fortunately there are no Debian releases with integritysetup ≤2.0.4 so
> as far as Debian is concerned the impact is limited.

After some discussion on the upstream bug tracker: the fact that the
user-supplied key is truncated in the first place is an issue.  But fixing
that, like changing the truncation length in 2.0.5, yields
incompatibilities.

I'm not sure what's the best course of action for Bullseye.  Fixing the
truncation altogether isn't ideal given we're so late in the release cycle.
The safest might be to keep the 114-byte truncation for Bullseye, but warn
the user of upcoming compatibility issues when --integrity-key-size exceeds
114 bytes (and suggest using `--integrity-key-size 114`).  Any other
opinion?

-- 
Guilhem.
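
Added example (not part of the original message and not cryptsetup code): a Python model of the incompatibility discussed above. It assumes the key is simply cut to its first 106 or 114 bytes before HMAC-SHA256. The function names and sample data are constructed for illustration.

```python
import hashlib
import hmac

# Truncation lengths taken from the retitled bug; which release applies
# which limit is deliberately not modelled here.
LOW, HIGH = 106, 114

def tag(key: bytes, limit: int, data: bytes) -> bytes:
    """HMAC-SHA256 with the key cut to its first `limit` bytes (assumed model)."""
    return hmac.new(key[:limit], data, hashlib.sha256).digest()

def tags_match(key: bytes, data: bytes) -> bool:
    """True if both truncation lengths yield the same integrity tag."""
    return hmac.compare_digest(tag(key, LOW, data), tag(key, HIGH, data))

def classify(key_size: int) -> str:
    """What a key of this size runs into under the two truncation lengths."""
    if key_size <= LOW:
        return "unaffected"                 # neither limit shortens the key
    if key_size <= HIGH:
        return "incompatible"               # only the 106-byte limit shortens it
    return "incompatible, silently truncated"  # both limits shorten it

def make_key(size: int, tail: int = 0) -> bytes:
    """Constructed test key; `tail` alters only the bytes past offset HIGH."""
    body = bytes((i * 7 + 1) % 256 for i in range(size))
    return body[:HIGH] + bytes((b ^ tail) for b in body[HIGH:])

SECTOR = bytes(range(256)) * 2  # constructed 512-byte sample payload

def survey(sizes=(32, 106, 107, 114, 128)) -> dict:
    """Map key size -> (classification, tags identical under both limits)."""
    return {s: (classify(s), tags_match(make_key(s), SECTOR)) for s in sizes}

def tail_is_ignored(size: int = 128) -> bool:
    """Two keys differing only past byte HIGH give the same tag."""
    a, b = make_key(size), make_key(size, tail=0xFF)
    return a != b and tag(a, HIGH, SECTOR) == tag(b, HIGH, SECTOR)

if __name__ == "__main__":
    for size, (verdict, same) in survey().items():
        print(f"{size:4d} bytes: {verdict:34s} tags identical: {same}")
    print("bytes past 114 ignored:", tail_is_ignored())
```

In this model, keys of at most 106 bytes verify under either limit, keys of 107 bytes or more do not, and any key bytes past offset 114 contribute nothing to the tag.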