[Bug 1928860] Re: Recovery key is low-entropy
Jean-Baptiste Lallement
1928860 at bugs.launchpad.net
Sun Aug 8 10:39:07 UTC 2021
ubiquity (21.10.4) impish; urgency=medium
[ Didier Roche ]
[ Jean-Baptiste Lallement ]
* Make the recovery key a 48 digits password by default
(LP: 1928860)
* Recovery key is editable and optional.
* Show the recovery key during manual partitioning.
* Display a warning if recovery key is stored on a non removable media.
** Changed in: ubiquity (Ubuntu Impish)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1928860
Title:
Recovery key is low-entropy
Status in ubiquity package in Ubuntu:
Fix Released
Status in ubiquity source package in Impish:
Fix Released
Bug description:
Ubuntu 21.04 Desktop ISO includes Ubiquity installer which offers the
user to set up full-disk encryption. In this set-up a recovery key is
automatically generated and added to the system.
The recovery key is 16 decimal digits or ~53.2 bits of entropy so
within capabilities of offline brute-force attacks for well-resourced
attackers.
To confirm, the key is generated here:
https://git.launchpad.net/ubuntu/+source/ubiquity/tree/ubiquity/plugins/ubi-
partman.py#n306 and used here:
https://git.launchpad.net/ubuntu/+source/ubiquity/tree/scripts/plugininstall.py#n915
(see also the attached screenshot).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1928860/+subscriptions
More information about the foundations-bugs
mailing list