this post was submitted on 23 Jun 2023
17 points (100.0% liked)
Linux
1823 readers
1 users here now
Everything about Linux
RULES
-
Be nice to each other.
-
No memes or pictures of Linux in the wild.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
LUKS is not broken. An old KDF option in LUKS for encrypting the master encryption key in a keyslot is just old and less safe than newer, better KDF options.
The article is almost 70 days old, and Clemens Fruhwirth, one of the creators of LUKS, has responded:
It doesn't seem like it's such a big deal.
Yep, a 10 Diceware word passphrase is just as secure as a 128-bit encryption key, even if only HKDF were used instead of a password-based KDF. Key stretching matters when you have weak passphrases, and even Argon2 only adds a few bits of effective entropy with reasonable difficulty factors.
can you please link to the source with Fruhwirth's response?
https://www.reddit.com/r/linux/comments/12q51ce/comment/jgpvsqc/?utm_source=share&utm_medium=web2x&context=3