From: Jonathan Brielmaier
Date: Thu, 20 Apr 2023 11:32:46 +0200
Subject: Re: PSA for LUKS users
To: Vagrant Cascadian, Felix Lechner, Guix Devel, help-guix
Message-ID: <7aee4c5d-662a-52fe-dbc3-7ba4893109ae@web.de>
In-Reply-To: <87edoftd1x.fsf@wireframe>
References: <87edoftd1x.fsf@wireframe>
List-Id: "Development of GNU Guix and the GNU System distribution."

On 20.04.23 at 06:03, Vagrant Cascadian wrote:
> On 2023-04-19, Felix Lechner via wrote:
>> Given the broad popularity of LUKS full-disk encryption among our
>> fellow Guix users, I thought the community might appreciate reading
>> about potentially weak key-derivation functions in older LUKS
>> installations. [1]
>>
>> The article even offers fixes, although I cannot say whether your
>> system will boot after you follow the steps since I do not use LUKS
>> personally. Stay safe!
> ...
>> [1] https://mjg59.dreamwidth.org/66429.html
>
> In short, those instructions will almost certainly break Guix System!

Can confirm :) At least the described backup & restore procedure does work.

I also think that our cryptsetup is quite old, so I built a patch for
updating: https://issues.guix.gnu.org/62960

> While recent grub2 finally has limited support for luks2, it only
> supports the weaker KDF (key derivation function) (PBKDF2?), as I
> understand it, though would be happy to be proven wrong!

The support seems pretty limited, as I only updated the LUKS version of
my root-partition to version 2 (still PBKDF) and it already refused to
boot...

~Jonathan