digitalcourage.social

House Panther :verified_paw:I finally got my <a href="https://goblackcat.social/tags/ArchLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArchLinux</a> disk encryption upgraded to <a href="https://goblackcat.social/tags/LUKS2" class="mention hashtag" rel="nofollow noopener" target="_blank">#LUKS2</a>. It certainly was a challenge because <a href="https://goblackcat.social/tags/grub" class="mention hashtag" rel="nofollow noopener" target="_blank">#grub</a> does not seem to play nicely with it but I did get it to work. Grub has a bug in it where passphrases entered from the keyboard need to use PBDKF2 and key files need to use Argon2id. Once I figured this out, everything worked smoothly.

🅹🅴🅳🅸🅴 🇺🇦🕊️Mir ist aufgefallen, das bei <a href="https://chaos.social/tags/TuxedoOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#TuxedoOS</a> das Benutzer Passwort nicht mit dem <a href="https://chaos.social/tags/luks2" class="mention hashtag" rel="nofollow noopener" target="_blank">#luks2</a> Passwort synchronisiert wird.z.B. user Passwort in KDE ändern oder einen neuen benutzer anlegen. Ich kann dennoch die Verschlüsselung nur mit dem initialen Passwort, bei der Installation aufschließen.Offenbar gibt es auch keine Möglichkeit per GUI ein Passwort hinzuzufügen. Sehe nur die Möglichkeit mit cryptsetup auf Konsole zu arbeiten.Übersehe ich was? <a href="https://linuxrocks.online/@tuxedocomputers" class="u-url mention" rel="nofollow noopener" target="_blank">@tuxedocomputers</a>

Jarkko SakkinenFinally HMAC encryption for in-kernel TPM clients is going to a release! Has been hanging there for a long time. LUKS2 and distributions starting to support it motivated me to rewrite the buffering code last Spring because that was my main turn-down in the original patch set, and then James took over and cleaned up the functionality and I reviewed it for few rounds until it was good enough. With this and TPM2 sealed hard drive encryption there is a somewhat reasonable security model without having to type encryption password to a bootloader prompt (which is tedious). I.e. login and go. A rare case of security feature also increasing user experience. <a class="hashtag" href="https://social.kernel.org/tag/linux" rel="nofollow noopener" target="_blank">#linux</a> <a class="hashtag" href="https://social.kernel.org/tag/kernel" rel="nofollow noopener" target="_blank">#kernel</a> <a class="hashtag" href="https://social.kernel.org/tag/tpm" rel="nofollow noopener" target="_blank">#tpm</a> <a class="hashtag" href="https://social.kernel.org/tag/luks2" rel="nofollow noopener" target="_blank">#luks2</a>

Linux TLDRLinux Weekly Roundup: EndeavourOS Galileo with KDE, Rocky Linux 9.3 Updates, Proxmox VE 8.1 Enhancements, and More! <a href="https://noc.social/tags/EndeavourOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#EndeavourOS</a> <a href="https://noc.social/tags/RockyLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#RockyLinux</a> <a href="https://noc.social/tags/Proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Proxmox</a> <a href="https://noc.social/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#FreeBSD</a> <a href="https://noc.social/tags/OpenMandriva" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenMandriva</a> <a href="https://noc.social/tags/KDE" class="mention hashtag" rel="nofollow noopener" target="_blank">#KDE</a> <a href="https://noc.social/tags/LUKS2" class="mention hashtag" rel="nofollow noopener" target="_blank">#LUKS2</a> <a href="https://noc.social/tags/Calamares" class="mention hashtag" rel="nofollow noopener" target="_blank">#Calamares</a> <a href="https://noc.social/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecureBoot</a> <a href="https://noc.social/tags/CephReef" class="mention hashtag" rel="nofollow noopener" target="_blank">#CephReef</a> <a href="https://noc.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> <a href="https://noc.social/tags/Plasma" class="mention hashtag" rel="nofollow noopener" target="_blank">#Plasma</a> <a href="https://linuxtldr.com/weekly-roundup/" rel="nofollow noopener" target="_blank">https://linuxtldr.com/weekly-roundup/</a>

erAck<a href="https://floss.social/@downey" class="u-url mention" rel="nofollow noopener" target="_blank">@downey</a> As you mentioned reencrypt, that's about encrypting existing data? Then maybe this <a href="https://social.tchncs.de/tags/RHEL" class="mention hashtag" rel="nofollow noopener" target="_blank">#RHEL</a> guide helps: <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/encrypting-block-devices-using-luks_security-hardening#encrypting-existing-data-on-a-block-device-using-luks2_encrypting-block-devices-using-luks" rel="nofollow noopener" target="_blank">https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/encrypting-block-devices-using-luks_security-hardening#encrypting-existing-data-on-a-block-device-using-luks2_encrypting-block-devices-using-luks</a>Or just have a complete backup (you should anyway), wipe, create a <a href="https://social.tchncs.de/tags/LUKS2" class="mention hashtag" rel="nofollow noopener" target="_blank">#LUKS2</a> partition and possibly <a href="https://social.tchncs.de/tags/LVM" class="mention hashtag" rel="nofollow noopener" target="_blank">#LVM</a> on it and restore..

Christian Pietsch (old acct.)<a href="https://nondeterministic.computer/@mjg59" class="u-url mention">@mjg59</a> Thank you for sounding the alert!I identified a minor issue with your otherwise nice explanation: According to my sources (man cryptsetup, <a href="https://digitalcourage.social/tags/rfc9106" class="mention hashtag" rel="tag">#rfc9106</a>), all <a href="https://digitalcourage.social/tags/argon2" class="mention hashtag" rel="tag">#argon2</a> varieties are memory-hard. RFC 9106 is even titled “Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications”.However, given that there are known attacks against <a href="https://digitalcourage.social/tags/argon2i" class="mention hashtag" rel="tag">#argon2i</a>, it seems wise to use <a href="https://digitalcourage.social/tags/argon2id" class="mention hashtag" rel="tag">#argon2id</a> instead. It is also what is recommended in the RFC.As a <a href="https://digitalcourage.social/tags/QubesOS" class="mention hashtag" rel="tag">#QubesOS</a> user, I just checked the state of affairs there:The cryptsetup that comes with QubesOS 3.x used <a href="https://digitalcourage.social/tags/luks1" class="mention hashtag" rel="tag">#luks1</a>, and those who did an in-place upgrade to 4.x still have that unless they converted to <a href="https://digitalcourage.social/tags/luks2" class="mention hashtag" rel="tag">#luks2</a> manually (as detailed in the migration guide).The cryptsetup in QubesOS 4.x uses <a href="https://digitalcourage.social/tags/luks2" class="mention hashtag" rel="tag">#luks2</a>, but it still defaults to <a href="https://digitalcourage.social/tags/argon2i" class="mention hashtag" rel="tag">#argon2i</a> unfortunately.

Recent searches

Search options

Administered by:

Server stats:

#luks2