LUKS and quantum computing

public inbox for cryptsetup@lists.linux.dev
 help / color / mirror / Atom feed

* LUKS and quantum computing
@ 2024-11-25 22:13 Patrick Callaghan
  2024-11-26  8:39 ` Arno Wagner
  2024-11-26  8:53 ` Milan Broz
  0 siblings, 2 replies; 5+ messages in thread
From: Patrick Callaghan @ 2024-11-25 22:13 UTC (permalink / raw)
  To: cryptsetup@lists.linux.dev

If we use LUKS encryption with SHA-256 configured (i.e. the default), is this considered safe against attacks by quantum computers? 

I ask because NIST suggests SHA512 in general for quantum safe algorithms (see "old Q17" in https://csrc.nist.gov/projects/post-quantum-cryptography/faqs) and we want to be LUKS quantum safe now and for several years to come, even if no practical attacks currently exist.

Note, the cipher we use is "aes-xts-plain64" so we have no question about this as AES with 256-bit keys is considered quantum safe. 

Thank you.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: LUKS and quantum computing
  2024-11-25 22:13 LUKS and quantum computing Patrick Callaghan
@ 2024-11-26  8:39 ` Arno Wagner
  2024-11-26  8:53 ` Milan Broz
  1 sibling, 0 replies; 5+ messages in thread
From: Arno Wagner @ 2024-11-26  8:39 UTC (permalink / raw)
  To: Patrick Callaghan; +Cc: cryptsetup@lists.linux.dev

No idea. And frankly, I have stopped caring. "Quantum Computing" is
a Fata Morgana that does not amount to anything practical at this 
time (after 50 years of resarch) and may well never amount to anything.  
It will certainly not be a real treat in the foreseeable future.

Here is what Peter Gitman thinks of the topic, and I think it
is spot on: https://www.cs.auckland.ac.nz/~pgut001/pubs/bollocks.pdf

Regards,
Arno


On Mon, Nov 25, 2024 at 23:13:17 CET, Patrick Callaghan wrote:
> If we use LUKS encryption with SHA-256 configured (i.e.  the default), is
> this considered safe against attacks by quantum computers? 
> 
> I ask because NIST suggests SHA512 in general for quantum safe algorithms
> (see "old Q17" in
> https://csrc.nist.gov/projects/post-quantum-cryptography/faqs) and we want
> to be LUKS quantum safe now and for several years to come, even if no
> practical attacks currently exist.
> 
> Note, the cipher we use is "aes-xts-plain64" so we have no question about
> this as AES with 256-bit keys is considered quantum safe. 
> 
> Thank you.

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: LUKS and quantum computing
  2024-11-25 22:13 LUKS and quantum computing Patrick Callaghan
  2024-11-26  8:39 ` Arno Wagner
@ 2024-11-26  8:53 ` Milan Broz
  2024-11-26  9:34   ` Arno Wagner
  1 sibling, 1 reply; 5+ messages in thread
From: Milan Broz @ 2024-11-26  8:53 UTC (permalink / raw)
  To: Patrick Callaghan, cryptsetup@lists.linux.dev

On 11/25/24 11:13 PM, Patrick Callaghan wrote:
> If we use LUKS encryption with SHA-256 configured (i.e. the
> default), is this considered safe against attacks by quantum
> computers?

SHA256 has no problem, specifically if used for PBKDF2
(iterative hashing for key derivation).

Default LUKS2 configuration no longer use SHA256 anyway, only for
antiforensic filter (split key material among more sectors) and
this is not a cryptographically relevant operation.

We use Argon2 with Blake2 hash internally for PBKDF now in LUKS2.

> I ask because NIST suggests SHA512 in general for quantum safe
> algorithms (see "old Q17" in https://csrc.nist.gov/projects/post-
> quantum-cryptography/faqs) and we want to be LUKS quantum safe now
> and for several years to come, even if no practical attacks
> currently exist.
> 
> Note, the cipher we use is "aes-xts-plain64" so we have no question
> about this as AES with 256-bit keys is considered quantum safe.

The 256bit (2x256 bit for XTS) key is default, this is according to
what is suggested in general (even in the context of QC).
Otherwise there should be no problem with symmetric encryption related
to quantum computing.

BTW who is "we" in your pararaph?

Milan

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: LUKS and quantum computing
  2024-11-26  8:53 ` Milan Broz
@ 2024-11-26  9:34   ` Arno Wagner
  2024-11-26 21:49     ` Patrick Callaghan
  0 siblings, 1 reply; 5+ messages in thread
From: Arno Wagner @ 2024-11-26  9:34 UTC (permalink / raw)
  To: cryptsetup@lists.linux.dev

On Tue, Nov 26, 2024 at 09:53:36 CET, Milan Broz wrote:
> On 11/25/24 11:13 PM, Patrick Callaghan wrote:
[...]
> BTW who is "we" in your pararaph?
> 
> Milan

I have been wondering that as well...

Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: LUKS and quantum computing
  2024-11-26  9:34   ` Arno Wagner
@ 2024-11-26 21:49     ` Patrick Callaghan
  0 siblings, 0 replies; 5+ messages in thread
From: Patrick Callaghan @ 2024-11-26 21:49 UTC (permalink / raw)
  To: cryptsetup@lists.linux.dev

Thank you Arno for the link and thank you Milan for the "iterative hashing for key derivation" point and the LUKS2 hashing comment.

The "we" is a couple of co-workers on my team who are interested in preparing their partition encryption setup according to the emerging NIST standards, including quantum computing safeness.


________________________________________
From: Arno Wagner <wagner@arnowagner.info>
Sent: Tuesday, November 26, 2024 4:34 AM
To: cryptsetup@lists.linux.dev <cryptsetup@lists.linux.dev>
Subject: Re: LUKS and quantum computing
 
On Tue, Nov 26, 2024 at 09:53:36 CET, Milan Broz wrote:
> On 11/25/24 11:13 PM, Patrick Callaghan wrote:
[...]
> BTW who is "we" in your pararaph?
>
> Milan

I have been wondering that as well...

Arno

--
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2024-11-26 21:49 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-25 22:13 LUKS and quantum computing Patrick Callaghan
2024-11-26  8:39 ` Arno Wagner
2024-11-26  8:53 ` Milan Broz
2024-11-26  9:34   ` Arno Wagner
2024-11-26 21:49     ` Patrick Callaghan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox