7

I'm wondering, why is Ubuntu and Mint using SHA1 for Full Disk Encryption? I heard several times that SHA1 shouldn't be used anymore because it is weak and it could be cracked.

Could you guys explain to me why we should use the default GUI encryption if we can just encrypt the system over the terminal with SHA512? Am I paranoid or is it just a lie that SHA1 has been broken?

RoraΖ
  • 12,347
  • 4
  • 51
  • 83
Chibi
  • 79
  • 1
  • 2
  • 3
    Where do you get the information that they use SHA-1? This seems to suggest that it's AES256: http://askubuntu.com/questions/97196/how-secure-is-an-encrypted-luks-filesystem – AlexH Jan 12 '15 at 13:48
  • 6
    @darkf SHA* is used for the integrity check not the encryption itself. Ubuntu uses LUKS as its FDE software, and SHA1 is the default value that is configurable. I know that it also supports SHA256 and SHA512. – RoraΖ Jan 12 '15 at 14:01

2 Answers2

10

Am I paranoid or is it just a lie that SHA1 has been broken

As you can read here and elsewhere, SHA1 is no longer that robust. You may be also interested in reading How secure is Ubuntu's default full-disk encryption?. Check the list of supported LUKS ciphers, and For LUKS: The most preferable and safest cipher?.

Depending on the goals you are using LUKS for, maybe the answer to this question will calm you down.

Now if you are as paranoid as all the members of this website, of course LUKS is not that safe as you can read here. There are even practical and opensource tools to crack LUKS volumes. Such as this one.

Another alternative to LUKS is the use of TRESOR or maybe you will be interested in reading Linux, TRESOR and XTS to feel safer until your next paranoid crisis :)

Regards.

5

Am I paranoid or is it just a lie that SHA1 has been broken

You're being paranoid. No, seriously, you are :-)

SHA-1 is "broken" insofar as there exists a real, practical collision attack. Well, I should say almost practical, since even the most practical attack involves a cost which is in the lower million dollars ballpark.

The hash is used for password derivation (using PBKDF2 with a hard lower bound), which means that a preimage attack is needed, which is not at all the same thing as a collision attack, and which is to date entirely unfeasible.

It is much more likely that either your password is too weak or you will be tricked or forced into revealing your password than it is likely for SHA-1 becoming the problem.

Damon
  • 5,211
  • 1
  • 20
  • 26