Public bug reported: The SHA-1 hash has been, for years now, considered undesirable for new installations. In Trusty, a new install using LUKS results in an installation using SHA-1 hashing, as can be demonstrated by using the following command:
cryptsetup luksDump <encrypted partition> Please consider compiling the "cryptsetup" package to use a stronger default hash, perhaps SHA-256 or even SHA-512. I think the option "--with-luks1-hash=sha256", for instance, should give us a SHA-256 default hash, which would be significantly more secure than our current default in Ubuntu. Thank you, Brian ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: cryptsetup 2:1.6.1-1ubuntu1 ProcVersionSignature: Ubuntu 3.13.0-5.20-generic 3.13.0 Uname: Linux 3.13.0-5-generic x86_64 ApportVersion: 2.13.1-0ubuntu1 Architecture: amd64 Date: Sat Feb 1 21:04:28 2014 InstallationDate: Installed on 2014-02-01 (0 days ago) InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140121.1) ProcEnviron: TERM=linux PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: cryptsetup UpgradeStatus: No upgrade log present (probably fresh install) crypttab: vda5_crypt UUID=d2509a89-e711-4419-93e2-37a71941d6b8 none luks ** Affects: cryptsetup (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug trusty ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1275380 Title: Cryptsetup still using SHA-1 as default hash for Debian Installer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1275380/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs