grub-devel

Support in grub userland tools for other PBKDF2 hashes


From: Josselin Poiret
Subject: Support in grub userland tools for other PBKDF2 hashes
Date: Thu, 04 May 2023 20:58:51 +0200

Hi everyone,

It's been brought to my attention that in my commit [1], I mistakenly
indicated that SHA256 was the only hash supported by the PBKDF2 kdf.  I
may have misread the default value for the list of possible values in
the upstream spec, since more hashes are supported.  One possible
problem though is that it would not be possible to simply dynamically
ask dm-crypt for the hash function that was used when unlocking, since
that isn't kept around, from what I remember.

I don't have the bandwidth to work on this currently, but I can see two
solutions: either indiscriminately add all abstractions for all possible
hash functions of PBKDF2, or parse the LUKS2 headers of the partition to
find out which hash function is used.  In the meantime, if you use a
hash function that isn't SHA256, like SHA512, you'll need to add
--modules="gcry_sha512" to your grub-install invocation.

[1] aa5172a55cfabdd0bed3161ad44fc228b9d019f7

Best,
-- 
Josselin Poiret
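
The second option mentioned in the message, reading the hash out of the LUKS2 header, as an added example (not code from GRUB or from the message's author). It assumes the LUKS2 on-disk layout of a 4096-byte binary header followed by a JSON area, and it goes beyond the message by also collecting the hash of PBKDF2 digests; the hash-to-module table and the sample header are constructed for illustration.

```python
import json
import struct
LUKS2_MAGIC = b"LUKS\xba\xbe"
BIN_HDR_SIZE = 4096  # fixed binary header; the JSON area follows it
# Assumed hash -> GRUB module table, limited to the two modules named here.
GRUB_MODULE = {"sha256": "gcry_sha256", "sha512": "gcry_sha512"}

def luks2_json(header: bytes) -> dict:
    """Return the JSON metadata of a primary LUKS2 header."""
    magic, version, hdr_size = struct.unpack_from(">6sHQ", header, 0)
    if magic != LUKS2_MAGIC or version != 2:
        raise ValueError("not a primary LUKS2 header")
    if not BIN_HDR_SIZE < hdr_size <= len(header):
        raise ValueError("hdr_size field out of range for this buffer")
    return json.loads(header[BIN_HDR_SIZE:hdr_size].split(b"\0", 1)[0])

def pbkdf2_hashes(meta: dict) -> set:
    """Hashes used by PBKDF2 keyslots and by PBKDF2 digests."""
    found = set()
    for section in ("keyslots", "digests"):
        for obj in meta.get(section, {}).values():
            kdf = obj.get("kdf", obj)  # keyslots nest the KDF, digests do not
            if kdf.get("type") == "pbkdf2":
                found.add(kdf["hash"])
    return found

def extra_modules(meta: dict) -> list:
    """Modules to request with --modules for hashes other than SHA256."""
    hashes = pbkdf2_hashes(meta) - {"sha256"}
    unknown = hashes - set(GRUB_MODULE)
    if unknown:
        raise ValueError(f"no module mapping for {sorted(unknown)}")
    return sorted(GRUB_MODULE[h] for h in hashes)

def build_sample_header() -> bytes:
    """Constructed header: SHA512 PBKDF2 slot, Argon2id slot, SHA256 digest."""
    meta = {
        "keyslots": {
            "0": {"type": "luks2", "kdf": {"type": "pbkdf2", "hash": "sha512"}},
            "1": {"type": "luks2", "kdf": {"type": "argon2id"}},
        },
        "digests": {"0": {"type": "pbkdf2", "hash": "sha256"}},
    }
    hdr_size = 16384
    binhdr = struct.pack(">6sHQ", LUKS2_MAGIC, 2, hdr_size)
    return (binhdr.ljust(BIN_HDR_SIZE, b"\0") + json.dumps(meta).encode()).ljust(hdr_size, b"\0")

if __name__ == "__main__":
    print(extra_modules(luks2_json(build_sample_header())))
```

On a real volume, pass the leading bytes of the device instead of the sample; the buffer has to cover the full `hdr_size` reported by the binary header.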
