[Bug 1275380] [NEW] Cryptsetup still using SHA-1 as default hash for Debian Installer
Brian Knoll
1275380 at bugs.launchpad.net
Sun Feb 2 02:20:08 UTC 2014
Public bug reported:
The SHA-1 hash has been, for years now, considered undesirable for new
installations. In Trusty, a new install using LUKS results in an
installation using SHA-1 hashing, as can be demonstrated by using the
following command:
cryptsetup luksDump <encrypted partition>
Please consider compiling the "cryptsetup" package to use a stronger
default hash, perhaps SHA-256 or even SHA-512.
I think the option "--with-luks1-hash=sha256", for instance, should give
us a SHA-256 default hash, which would be significantly more secure than
our current default in Ubuntu.
Thank you,
Brian
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: cryptsetup 2:1.6.1-1ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-5.20-generic 3.13.0
Uname: Linux 3.13.0-5-generic x86_64
ApportVersion: 2.13.1-0ubuntu1
Architecture: amd64
Date: Sat Feb 1 21:04:28 2014
InstallationDate: Installed on 2014-02-01 (0 days ago)
InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140121.1)
ProcEnviron:
TERM=linux
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
crypttab: vda5_crypt UUID=d2509a89-e711-4419-93e2-37a71941d6b8 none luks
** Affects: cryptsetup (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug trusty
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1275380
Title:
Cryptsetup still using SHA-1 as default hash for Debian Installer
Status in “cryptsetup” package in Ubuntu:
New
Bug description:
The SHA-1 hash has been, for years now, considered undesirable for new
installations. In Trusty, a new install using LUKS results in an
installation using SHA-1 hashing, as can be demonstrated by using the
following command:
cryptsetup luksDump <encrypted partition>
Please consider compiling the "cryptsetup" package to use a stronger
default hash, perhaps SHA-256 or even SHA-512.
I think the option "--with-luks1-hash=sha256", for instance, should
give us a SHA-256 default hash, which would be significantly more
secure than our current default in Ubuntu.
Thank you,
Brian
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: cryptsetup 2:1.6.1-1ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-5.20-generic 3.13.0
Uname: Linux 3.13.0-5-generic x86_64
ApportVersion: 2.13.1-0ubuntu1
Architecture: amd64
Date: Sat Feb 1 21:04:28 2014
InstallationDate: Installed on 2014-02-01 (0 days ago)
InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140121.1)
ProcEnviron:
TERM=linux
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
crypttab: vda5_crypt UUID=d2509a89-e711-4419-93e2-37a71941d6b8 none luks
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1275380/+subscriptions
More information about the foundations-bugs
mailing list