Monday, May 20, 2013

Do NOT use SHA-1: LUKS disk encryption

What the..?

As the cryptography expert Bruce Schneier already told in year 2005, do not use SHA-1 because its broken. See his article here:

Several years ago, many governments also recommended to stop using this one.

Does linux LUKS use SHA-1?

Yes it does by default. 
Just create a Volume/Container with default values (e.g. cryptsetup luksFormat /dev/loop0).
Did you use the debian installer to encrypt your LUKS device? Same thing.

How do i verify if i use SHA-1 on LUKS?

Thats simple. 
Just fire up "cryptsetup luksDump" on your encrypted volume. (e.g. cryptsetup luksDump /dev/loop0)

Which Hash should i alternatively use?

At time of writing (year 2013) and in this context, we recommend SHA512. 

Can i change the current hash in LUKS on-the-fly?

No you can NOT. You need to re-encrypt your device. There is a experimental tool from the authors of cryptsetup, called "cryptsetup-reencrypt" which is included in the official source-code. We succeeded in reencrypting a system-volume encrypted with aes and sha-1 hash, and switched to twofish as encryption algorithm and sha512 as hash  by the command: 

./cryptsetup-reencrypt -c  twofish-xts-plain -h sha512 /dev/loop0

Please be very careful and use a backup before using this tool!

So, i am insecure when not switching?

It depends. For the most people the default settings are secure. In LUKS we also have PBKDF2 in front of, which prevents/reduces many forms of attacks. 

The main reason is: why should i use something insecure like SHA-1? Just for comfort? 

No comments:

Post a Comment