From: Christian Stadelmann <chris.privat@genodeftest.de>
To: dm-crypt@saout.de
Subject: [dm-crypt] security: improve defaults
Date: Sat, 03 Jan 2015 00:18:21 +0100
Message-ID: <1420240701.2680.36.camel@genodeftest.de>


Hi

I find several defaults in cryptsetup are less secure than they can be.
Below I list them with some comments:

cipher: aes-cbc-essiv (default in plain mode)
There are known attacks against aes-cbc-essiv which lead to using aes-xts
as default cipher in LUKS mode. Is there any reason why it should not be
used in plain mode?

key size: 256 (default)
For using aes256 (which is the default cipher in LUKS mode) the key size
should be 512 bit since XTS splits the supplied key.

hash: sha1 (default)
SHA-1 is considered weak for some years, SHA-2 is widely available. Is
there any reason against using SHA-2? Since hashing is only done once
sha512 could be default.

iter-time: 1000 (default)
could be increased.

random number pool: /dev/urandom (default)
this should definitely be `--use-random` as default, you should never
use /dev/urandom for long-term crypto keys. It may result in using
low-entropy keys which obviously must not happen. It might take some
time to gather enough entropy, but that is ok since performance is not
relevant for an operation done once. Additionally I think it would be
best to disable the option `--use-urandom` completely.

key derivation function: PBKDF2
PBKDF2 is easy to implement in FPGAs or ASICs which reduces its
strength. It is safe enough for today but scrypt is a good alternative.

To summarize: Strong crypto is available. It should be default.

Regards
Chris

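The following is an added illustration of the defaults discussed in this message; it is not code from the thread or from cryptsetup, and uses only the Python standard library. It shows why an aes256 XTS key must be 512 bits (the key is split into two independent AES keys), how PBKDF2's cost scales with the hash output size when a 64-byte key is derived (four SHA-1 blocks versus one SHA-512 block for the same iteration count), how an iter-time style calibration can be done (calibrate_pbkdf2 is a hypothetical stand-in for cryptsetup's own benchmark, not its implementation), and that scrypt is available as a stdlib call. The passphrase and salt are constructed sample values.

```python
"""Added example (not part of the thread or of cryptsetup): the proposed
cryptsetup defaults expressed in code, Python standard library only."""
import hashlib
import math
import time

# Constructed sample inputs, fixed so that results are reproducible.
PASSPHRASE = b"correct horse battery staple"
SALT = bytes(range(32))


def xts_key_bits(aes_bits):
    """AES-XTS consumes two independent AES keys, so the key size handed to
    cryptsetup must be twice the AES key size: aes256 -> --key-size 512."""
    if aes_bits not in (128, 256):
        raise ValueError("AES key size must be 128 or 256 bits")
    return 2 * aes_bits


def split_xts_key(key):
    """Split a raw XTS key into its (data key, tweak key) halves."""
    if len(key) * 8 not in (256, 512):
        raise ValueError("XTS key must be 256 or 512 bits")
    half = len(key) // 2
    return key[:half], key[half:]


def pbkdf2_blocks(hash_name, key_bytes):
    """PBKDF2 produces the key one digest-sized block at a time and runs the
    full iteration count for every block, so a 64-byte key costs four blocks
    with SHA-1 but a single block with SHA-512."""
    return math.ceil(key_bytes / hashlib.new(hash_name).digest_size)


def derive_pbkdf2(passphrase, salt, iterations, hash_name="sha512", key_bytes=64):
    """PBKDF2-HMAC with the given hash; sha512 and a 64-byte key by default."""
    return hashlib.pbkdf2_hmac(hash_name, passphrase, salt, iterations, dklen=key_bytes)


def scrypt_available():
    """hashlib.scrypt needs an OpenSSL build that provides it."""
    return hasattr(hashlib, "scrypt")


def derive_scrypt(passphrase, salt, key_bytes=64, n=2 ** 14, r=8, p=1):
    """scrypt with N=2^14, r=8, p=1 (about 16 MiB working set), 64-byte key."""
    return hashlib.scrypt(passphrase, salt=salt, n=n, r=r, p=p, dklen=key_bytes)


def calibrate_pbkdf2(target_ms, hash_name="sha512", key_bytes=64, probe=2000):
    """Hypothetical stand-in for an --iter-time benchmark: time a fixed probe
    count on this machine and scale it to the requested wall-clock budget.
    Never returns fewer than 1000 iterations."""
    start = time.perf_counter()
    derive_pbkdf2(PASSPHRASE, SALT, probe, hash_name, key_bytes)
    elapsed_ms = (time.perf_counter() - start) * 1000.0
    if elapsed_ms <= 0.0:
        elapsed_ms = 1e-3
    return max(1000, int(probe * target_ms / elapsed_ms))


if __name__ == "__main__":
    bits = xts_key_bits(256)
    iters = calibrate_pbkdf2(1000)  # the 1000 ms default discussed above
    key = derive_pbkdf2(PASSPHRASE, SALT, iters, "sha512", bits // 8)
    k1, k2 = split_xts_key(key)
    print("aes256-xts key bits:", bits)
    print("sha1 blocks for 64-byte key:", pbkdf2_blocks("sha1", 64))
    print("sha512 blocks for 64-byte key:", pbkdf2_blocks("sha512", 64))
    print("iterations for ~1000 ms on this host:", iters)
    print("data key:", k1.hex())
    print("tweak key:", k2.hex())
    if scrypt_available():
        print("scrypt key:", derive_scrypt(PASSPHRASE, SALT).hex())
```

The command-line counterparts the message refers to are cryptsetup's --cipher, --key-size, --hash, --iter-time and --use-random options; the calibration above only illustrates the idea of an iteration count derived from a time budget and should not be taken as cryptsetup's algorithm.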


Thread overview: 5+ messages
2015-01-02 23:18 Christian Stadelmann [this message]
2015-01-03  6:00 ` [dm-crypt] security: improve defaults Arno Wagner
2015-01-03  8:19   ` Sitaram Chamarty
2015-01-03  9:08   ` Milan Broz
2015-01-04  1:59 ` Sven Eschenberg
