Public bug reported:

Hello,

clevis released with version 18 on jammy (22.04). For reasons that are a bit beyond me, the cryptsetup call inside of clevis creates keyslots using argon2id as the pbkdf. While most folks would say this is preferable, NIST still has not approved it and it is thus incompatible with FIPS 140-3 at this time.

Oddly enough, there was an upstream commit that was implemented to help with an OOM condition that accidentally forced pbkdf2 rather than argon2id. Commit found here:
https://github.com/latchset/clevis/commit/71596307516ce2367e6303bd7f7ae7b180b29a35

Ideally, we need to either just bring that commit back to the jammy version, or get to the root cause of why cryptsetup in that exact scenario prefers argon2id.

** Affects: clevis (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: clevis (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Also affects: clevis (Ubuntu Jammy)
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/2073429

Title:
  Jammy clevis forces argon2id for keyslots
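To see which keyslots on a volume are affected by the behaviour reported above, the LUKS2 JSON metadata can be audited for the KDF each keyslot uses. The following is an added example, not part of the bug report or of clevis; it assumes the JSON layout printed by `cryptsetup luksDump --dump-json-metadata <device>`, the sample metadata is constructed, and the PBKDF2-only policy in `APPROVED_KDFS` is an assumption.

```python
import json
import sys

# Constructed sample, trimmed to the fields used here. On a real system the
# input would be the saved output of:
#   cryptsetup luksDump --dump-json-metadata <device>
SAMPLE_METADATA = """
{
  "keyslots": {
    "0": {"type": "luks2", "key_size": 64,
          "kdf": {"type": "pbkdf2", "hash": "sha256", "iterations": 1000000}},
    "1": {"type": "luks2", "key_size": 64,
          "kdf": {"type": "argon2id", "time": 4, "memory": 1048576, "cpus": 4}}
  },
  "tokens": {
    "0": {"type": "clevis", "keyslots": ["1"]}
  }
}
"""

APPROVED_KDFS = {"pbkdf2"}  # assumption: policy permits only PBKDF2 keyslots


def audit_keyslots(metadata_json, approved=APPROVED_KDFS):
    """Return one finding per keyslot whose KDF type is not in `approved`."""
    meta = json.loads(metadata_json)
    # Map keyslot id -> token types referencing it (e.g. "clevis"), so a
    # finding shows whether the slot was created by a clevis binding.
    owners = {}
    for token in meta.get("tokens", {}).values():
        for slot in token.get("keyslots", []):
            owners.setdefault(str(slot), []).append(token.get("type", "unknown"))
    findings = []
    for slot_id in sorted(meta.get("keyslots", {}), key=int):
        kdf = meta["keyslots"][slot_id].get("kdf", {}).get("type", "missing")
        if kdf not in approved:
            findings.append({"keyslot": slot_id, "kdf": kdf,
                             "tokens": owners.get(slot_id, [])})
    return findings


if __name__ == "__main__":
    # Optional argument: path to a file holding the dumped JSON metadata.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_METADATA
    results = audit_keyslots(data)
    for f in results:
        print(f"keyslot {f['keyslot']}: kdf={f['kdf']} tokens={f['tokens']}")
    sys.exit(1 if results else 0)
```

The script exits non-zero when any keyslot uses a KDF outside the approved set, so it can gate a compliance check.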
