Kernel 6.1.1 brokenkey issue - fixed via new cryptsetup or not fixed?
Posted: 25 Dec 2022, 04:57
I was asking in the kernel thread which stable kernel would support nftables and got this reply
Blaze's kernel 6.1.1 x86-64 is posted here Porteus Kernel Builder (Post by Blaze #92288)
Now looking up the kernel.org Changelog via https://cdn.kernel.org/pub/linux/kernel ... eLog-6.1.1
There it says this:
"NEWKEY is still broken: If for BROKENKEY 32 bytes were
specified, a brute force attacker knowing the key properties would only
need to try at most 2^(16*8) keys, as if the key was only 16 bytes long.
The security issue is a result of the combination of limiting the input
range to hex-ascii and using memcpy() instead of hex2bin(). It could
have been fixed either by allowing binary input or using hex2bin() (and
doubling the ascii input key length). This patch implements the latter."
Is that a serious issue, or is Blaze's 6.1.1 kernel patched and thus the described issue doesn't apply to his kernel?
E.g. does what Blaze mentioned in "Note 3" fix the issue?
(He provided no further link to the "new cryptsetup" so I could not look up the details myself, hence this post.)
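
The changelog excerpt quoted above contrasts copying hex-ascii input with memcpy() against decoding it with hex2bin(). The C sketch below is an added illustration, not kernel code and not part of the original post; hex2bin_user(), key_from_hex_memcpy(), key_from_hex_decode() and max_key_bits() are hypothetical userspace stand-ins, and the 16-character lowercase alphabet is an assumption chosen to match the excerpt's 2^(16*8) estimate.

```c
#include <stddef.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Userspace stand-in for hex2bin(): 2*count hex chars -> count bytes. */
int hex2bin_user(unsigned char *dst, const char *src, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        int hi = hex_val(src[2 * i]), lo = hex_val(src[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        dst[i] = (unsigned char)((hi << 4) | lo);
    }
    return 0;
}

/* "Before" pattern: input limited to hex-ascii, then copied verbatim.
 * Assumption: only 0-9a-f accepted, so each key byte has 16 possible
 * values, i.e. 4 bits instead of 8. */
int key_from_hex_memcpy(unsigned char *key, const char *in, size_t keylen)
{
    if (strlen(in) != keylen) return -1;
    for (size_t i = 0; i < keylen; i++)
        if (hex_val(in[i]) < 0 || (in[i] >= 'A' && in[i] <= 'F')) return -1;
    memcpy(key, in, keylen);          /* key bytes are ASCII characters */
    return 0;
}

/* "After" pattern: ascii input is twice the key length and is decoded,
 * so every key byte can take all 256 values. */
int key_from_hex_decode(unsigned char *key, const char *in, size_t keylen)
{
    if (strlen(in) != 2 * keylen) return -1;
    return hex2bin_user(key, in, keylen);
}

/* Upper bound on key strength given the bits each key byte can carry. */
unsigned max_key_bits(size_t keylen, unsigned bits_per_byte)
{
    return (unsigned)keylen * bits_per_byte;
}
```

With a 32-byte key, the memcpy variant yields at most 32 * 4 = 128 bits, the same as a 16-byte binary key, while the decoded variant yields the full 256 bits.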