
Bug#788227: marked as done (add 512 bit key-size for AES (XTS-AES))



Your message dated Sat, 1 Apr 2023 02:22:45 +0200
with message-id <b9bcef7b-5f2b-2d2f-5061-5c72d9654806@igalia.com>
and subject line add 512 bit key-size for AES (XTS-AES)
has caused the Debian Bug report #788227,
regarding add 512 bit key-size for AES (XTS-AES)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
788227: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788227
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: partman-crypto
Version: 82

This report is to request (with patch) allowing 512 bit key-size when using XTS-AES for disk encryption (via the xts-aes-plain64 cipher). This started as a query to the mailing list (which seems useless, by the way) which is CC'd.

--

On 05/26/2015 02:09 PM, Nathan Schulte wrote:
As it stands, it appears the installer requires you to create a
partition table on the Encrypted Volumes and does not allow using the
entire device alone.  I believe this feature was available in the past,
though I could be mis-recalling.  Either way, I was able to do this in
the past and I'm pretty sure I haven't forgotten anything about what I
did.

After much trial and error, I was able to get this working with a rather simple procedure:

partman (or the step just prior) will detect and list open LUKS devices if setup (manually) before entering the wizard. The display is a bit misleading, as partman shows the encrypted volumes as having a single partition, but in this mode it does not create a partition table as you would have to do should you choose to use the partman wizard to create the encrypted volumes.

On a related note, I believe the partman-crypto part of the partitioner
should allow for selecting 512 bit key sizes, as the default cipher
(aes-xts-plain64) effectively halves the chosen key size.  This ought to
be a straightforward patch.

This is an extremely simple patch, which is attached. The comment is of interest, however:

    add 512 bit key-size for AES (XTS-AES)

    the aes-xts-plain64 cipher effectively halves the chosen keysize due to
    keysplitting used in the algorithm.  Thus, choosing a 256 bit key-size
    does not lead to AES 256 encryption but AES 128 instead.

    There's probably a better way to convey this to the user, as they'll need
    to be vigilant in order to make use of this.  As well, it may be wise to
    default to 256 bit key-size in the UI, and I believe this change will
    cause the default selection to be 512.

--
Nate
From 5af2b9ccc99a8f1cf3be62ff3faea37f2785a480 Mon Sep 17 00:00:00 2001
From: Nathan Schulte <nmschulte@gmail.com>
Date: Tue, 9 Jun 2015 09:46:53 -0500
Subject: [PATCH] add 512 bit key-size for AES (XTS-AES)

the aes-xts-plain64 cipher effectively halves the chosen keysize due to
keysplitting used in the algorithm.  Thus, choosing a 256 bit key-size
does not lead to AES 256 encryption but AES 128 instead.

There's probably a better way to convey this to the user, as they'll need
to be vigilant in order to make use of this.  As well, it may be wise to
default to 256 bit key-size in the UI, and I believe this change will
cause the default selection to be 512.
---
 ciphers/dm-crypt/aes/keysize | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ciphers/dm-crypt/aes/keysize b/ciphers/dm-crypt/aes/keysize
index ab43da4..be82d8d 100644
--- a/ciphers/dm-crypt/aes/keysize
+++ b/ciphers/dm-crypt/aes/keysize
@@ -1 +1 @@
-256 192 128
+512 256 192 128
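Review bot: the new value is prepended, and the commit message itself expects this to make 512 the default selection while also saying 256 may be the wiser default; if the first entry is the default, keep 256 first (e.g. `+256 512 192 128`) rather than silently changing the default for every install. The patch also does nothing to surface the key-splitting caveat the message describes, so a user still has no hint in the UI that aes-xts-plain64 uses half of the chosen size per AES key; and, per the closing reply, an installer that already doubles the selected size in XTS mode would turn a 512 selection into a 1024-bit request, which is not a valid XTS-AES key size, so the doubling approach and this list change cannot coexist.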
-- 
2.1.4


--- End Message ---
--- Begin Message ---
Hi,


The Debian installer (since buster) automatically doubles the selected
key size when XTS mode is selected.

So selecting a 256 key and XTS means it will end up using a 512 key.

This matches what cryptsetup does by default.

From
https://salsa.debian.org/cryptsetup-team/cryptsetup/-/blob/debian/bookworm/docs/v2.1.0-ReleaseNotes#L39
* Cryptsetup now doubles LUKS default key size if XTS mode is used
  (XTS mode uses two internal keys). This does not apply if key size
  is explicitly specified on the command line and it does not apply
  for the plain mode.
  This fixes a confusion with AES and 256bit key in XTS mode where
  code used AES128 and not AES256 as often expected.


More details:
https://salsa.debian.org/installer-team/partman-crypto/-/merge_requests/6

--- End Message ---