[Bug 1275380] Re: Cryptsetup still using SHA-1 as default hash for Debian Installer

Brian Knoll 1275380 at bugs.launchpad.net
Sun Feb 2 02:35:53 UTC 2014


I just want to add that an even better option, long-term, would probably
be to push back to upstream the idea that the installer should be
modified to present the user installing the system with the choice of
hash to be used.  However, this does not change the fact that the
default hash should be changed to something significantly stronger than
SHA-1, probably something from the SHA-2 family such as SHA-256 or
SHA-512, as mentioned in this ticket.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1275380

Title:
  Cryptsetup still using SHA-1 as default hash for Debian Installer

Status in “cryptsetup” package in Ubuntu:
  New

Bug description:
  The SHA-1 hash has been, for years now, considered undesirable for new
  installations.  In Trusty, a new install using LUKS results in an
  installation using SHA-1 hashing, as can be demonstrated by using the
  following command:

  cryptsetup luksDump <encrypted partition>

  Please consider compiling the "cryptsetup" package to use a stronger
  default hash, perhaps SHA-256 or even SHA-512.

  I think the option "--with-luks1-hash=sha256", for instance, should
  give us a SHA-256 default hash, which would be significantly more
  secure than our current default in Ubuntu.

  Thank you,
  Brian

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: cryptsetup 2:1.6.1-1ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-5.20-generic 3.13.0
  Uname: Linux 3.13.0-5-generic x86_64
  ApportVersion: 2.13.1-0ubuntu1
  Architecture: amd64
  Date: Sat Feb  1 21:04:28 2014
  InstallationDate: Installed on 2014-02-01 (0 days ago)
  InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140121.1)
  ProcEnviron:
   TERM=linux
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: cryptsetup
  UpgradeStatus: No upgrade log present (probably fresh install)
  crypttab: vda5_crypt UUID=d2509a89-e711-4419-93e2-37a71941d6b8 none luks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1275380/+subscriptions
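
The check described in the bug description (reading the hash out of "cryptsetup luksDump"), as an added example that is not part of the original bug report or of cryptsetup. It assumes the LUKS1 text layout with a "Hash spec:" line; the sample header and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the "Hash spec:" field of LUKS1 `cryptsetup luksDump`
# output. Function names are hypothetical; the sample header is constructed.

# Constructed, trimmed sample of luksDump output for a LUKS1 header.
sample_dump() {
cat <<'EOF'
LUKS header information for /dev/vda5

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha1
Payload offset: 4096
MK bits:        512
EOF
}

# Read luksDump output on stdin and print the hash name in lower case.
# Exits non-zero when no "Hash spec:" line is present.
luks_hash_spec() {
    awk -F: '/^Hash spec:/ { gsub(/[ \t]/, "", $2); print tolower($2); found = 1; exit }
             END { if (!found) exit 1 }'
}

# Return 0 for SHA-256/SHA-512, 1 for SHA-1, 2 for anything else or a missing field.
check_luks_hash() {
    spec=$(luks_hash_spec) || { echo "no Hash spec field found" >&2; return 2; }
    case "$spec" in
        sha1)          echo "WEAK: header uses $spec";   return 1 ;;
        sha256|sha512) echo "OK: header uses $spec";     return 0 ;;
        *)             echo "REVIEW: header uses $spec"; return 2 ;;
    esac
}

# Demo on the constructed sample. On a real system, run as root:
#   cryptsetup luksDump <encrypted partition> | check_luks_hash
sample_dump | check_luks_hash || true
```
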


