If someone runs a Linux system encrypted with LUKS, it may be using a key derivation function that is too weak (and outdated), especially if the installation was done some time ago.
Here is more information, along with instructions (which I tested successfully) for updating the LUKS settings, from @mjg59:
https://mjg59.dreamwidth.org/66429.html
#linux #luks #verschluesselung #encryption #pbkdf2 #argon2id
Thank you for sounding the alert!
I identified a minor issue with your otherwise nice explanation: According to my sources (man cryptsetup, #rfc9106), all #argon2 varieties are memory-hard. RFC 9106 is even titled “Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications”.
However, given that there are known attacks against #argon2i, it seems wise to use #argon2id instead. It is also what is recommended in the RFC.
As a #QubesOS user, I just checked the state of affairs there:
The cryptsetup that comes with QubesOS 3.x used #luks1, and those who did an in-place upgrade to 4.x still have that unless they converted to #luks2 manually (as detailed in the migration guide).
The cryptsetup in QubesOS 4.x uses #luks2, but it still defaults to #argon2i unfortunately.
#luks2 #luks1 #qubesos #Argon2id #argon2i #argon2 #rfc9106
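To see which of the cases described above applies to a given volume, the following added example (not part of the thread or of cryptsetup) parses the text of `cryptsetup luksDump` and reports the KDF of each keyslot. The sample dump is constructed, and the weak/review/ok labels are this example's own naming.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report the PBKDF of every LUKS keyslot.
# Input: text of `cryptsetup luksDump <device>` on stdin.
# Output: one line per active keyslot: "<slot> <kdf> <verdict>".
# The verdict labels (weak/review/ok) are this example's own naming.
luks_kdf_report() {
  awk '
    /^Version:/ { version = $2 + 0 }
    # LUKS1 has no PBKDF field: every enabled keyslot uses PBKDF2.
    version == 1 && /^Key Slot [0-9]+: ENABLED/ {
      slot = $3; sub(":", "", slot); print slot, "pbkdf2", "weak"; next
    }
    # LUKS2: remember the top-level section, so that the pbkdf2 listed
    # under "Digests:" (normal on a LUKS2 header) is not reported.
    /^[A-Za-z][A-Za-z ]*:[ \t]*$/ { section = $1; next }
    section == "Keyslots:" && /^[ \t]+[0-9]+: / { slot = $1; sub(":", "", slot) }
    section == "Keyslots:" && /^[ \t]+PBKDF:/ {
      verdict = "weak"
      if ($2 == "argon2i")  verdict = "review"
      if ($2 == "argon2id") verdict = "ok"
      print slot, $2, verdict
    }
  '
}

# Constructed sample input, trimmed to the fields the parser reads.
sample_luks2_dump() {
  cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        PBKDF:      argon2i
        Time cost:  4
  1: luks2
        PBKDF:      pbkdf2
        Iterations: 1000000
  2: luks2
        PBKDF:      argon2id
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 100000
EOF
}

sample_luks2_dump | luks_kdf_report
```

On a real system the input would come from `cryptsetup luksDump <device>` run as root, piped into `luks_kdf_report`.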
KeePassXC 2.6.3 Password Manager Adds Support for Argon2id KDF and XMLv2 Key Files
#Argon2id #passwordmanager #KeePassXC