Explore top 10 tips to secure your open-source projects now. Read More
× Milan Broz, its maintainer, discovered an issue in cryptsetup, the disk
encryption configuration tool for Linux.
LUKS2 (an on-disk format) online reencryption is an optional extension to
allow a user to change the data reencryption key while the data device is
available for use during the whole reencryption process.
An attacker can modify on-disk metadata to simulate decryption in progress
with crashed (unfinished) reencryption step and persistently decrypt part
of the LUKS2 device (LUKS1 devices are indirectly affected as well, see
below).
This attack requires repeated physical access to the LUKS2 device but no
knowledge of user passphrases.
The decryption step is performed after a valid user activates the device
with a correct passphrase and modified metadata.
The size of possible decrypted data per attack step depends on configured
LUKS2 header size (metadata size is configurable for LUKS2). With the
default LUK...
Get the latest Linux and open source security news straight to your inbox.