[Bug 1275380] [NEW] Cryptsetup still using SHA-1 as default hash for Debian Installer

Brian Knoll 1275380 at bugs.launchpad.net
Sun Feb 2 02:20:08 UTC 2014 

Public bug reported:

The SHA-1 hash has been, for years now, considered undesirable for new
installations.  In Trusty, a new install using LUKS results in an
installation using SHA-1 hashing, as can be demonstrated by using the
following command:

cryptsetup luksDump <encrypted partition>

Please consider compiling the "cryptsetup" package to use a stronger
default hash, perhaps SHA-256 or even SHA-512.

I think the option "--with-luks1-hash=sha256", for instance, should give
us a SHA-256 default hash, which would be significantly more secure than
our current default in Ubuntu.

Thank you,
Brian

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: cryptsetup 2:1.6.1-1ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-5.20-generic 3.13.0
Uname: Linux 3.13.0-5-generic x86_64
ApportVersion: 2.13.1-0ubuntu1
Architecture: amd64
Date: Sat Feb  1 21:04:28 2014
InstallationDate: Installed on 2014-02-01 (0 days ago)
InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140121.1)
ProcEnviron:
 TERM=linux
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
crypttab: vda5_crypt UUID=d2509a89-e711-4419-93e2-37a71941d6b8 none luks

** Affects: cryptsetup (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1275380

Title:
  Cryptsetup still using SHA-1 as default hash for Debian Installer

Status in “cryptsetup” package in Ubuntu:
  New

Bug description:
  The SHA-1 hash has been, for years now, considered undesirable for new
  installations.  In Trusty, a new install using LUKS results in an
  installation using SHA-1 hashing, as can be demonstrated by using the
  following command:

  cryptsetup luksDump <encrypted partition>

  Please consider compiling the "cryptsetup" package to use a stronger
  default hash, perhaps SHA-256 or even SHA-512.

  I think the option "--with-luks1-hash=sha256", for instance, should
  give us a SHA-256 default hash, which would be significantly more
  secure than our current default in Ubuntu.

  Thank you,
  Brian

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: cryptsetup 2:1.6.1-1ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-5.20-generic 3.13.0
  Uname: Linux 3.13.0-5-generic x86_64
  ApportVersion: 2.13.1-0ubuntu1
  Architecture: amd64
  Date: Sat Feb  1 21:04:28 2014
  InstallationDate: Installed on 2014-02-01 (0 days ago)
  InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140121.1)
  ProcEnviron:
   TERM=linux
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: cryptsetup
  UpgradeStatus: No upgrade log present (probably fresh install)
  crypttab: vda5_crypt UUID=d2509a89-e711-4419-93e2-37a71941d6b8 none luks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1275380/+subscriptions

More information about the foundations-bugs mailing list