Should I update my fedora encrypted system?

I have installed my Fedora Workstation version 23 using native disk encryption.
Since it, I am upgrading it using dnf system-upgrade plugin.
Some time ago, I’ve discovered about SHA1 is now discontinued.

Reading the cryptsetup luksDump of my encrypted system, I can see it was installed using SHA1:

Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha1
Payload offset: 4096
MK bits: 512

My password has more than 70 characters. But, should I reinstall the full system to update my hash encryption ?
I am really unsafe for keeping SHA1 ?

Thank you

Hi vdTOG and welcome.

LUKS-encrypted volumes using sha1 hashes should still be accessible for the foreseeable future, so I don’t think you will have a problem if you upgrade to F32 (having a backup is always A Good Idea™).

You can also reencrypt your device, using more modern options, but for that you should absolutely make sure that you have everything backed up and you might need to resize your partitions to make room for potentially larger headers. See this for some more information.

1 Like

Hi vdTOG and welcome.

Hi @alexpl, thank you.

It is a good ideia to perform this command on my encrypted device ??

cryptsetup-reencrypt --keep-key --hash sha512 <device>

I mean, without reencrypt the whole data, just header only.

I’ve performed a test for the backuped header of my encrypted system.
I’ve tried to SHA256 and to SHA512.

Version:       	1
Cipher name:   	aes
Cipher mode:   	xts-plain64
Hash spec:     	sha256
Payload offset:	4096
MK bits:       	512

Iterations has increased too significant in SHA512 !
I can’t believe, I am using the old hash for more than 7 years.

But I don’t want to wait to reencrypt all whole device.

It is certainly doable, but you’ll need to make sure that you are not changing its size. From your experiments, are the headers identical (in size)?

I would feel safer redoing the whole thing, but with the caveats mentioned here, i.e. first re-encryption with the same options but with the --reduce-device-size flag and once you’ve made the required space, proceed with re-encrypting with more modern options.

If all you care about is upgrading to F32, the whole dilemma is moot, I think.

2 Likes

Yes. It keep with same size, before and after: 2.068.480 bytes.

As I can see, new headers, have now 16.777.216 bytes. Certainly it will requires reallocating.

@alexpl I am already upgrading to newer versions using dnf system-upgrade plugin. I am already with Fedora 32 working finely. But as I’ve installed and encrypted my disk before SHA1 has been discontinued, I really want to change the hash-spec to SHA256 or SHA512. But, just it.

In this case, SHA512 had a better performance on benchmark, about 40% to 60% fastter.

SHA1 (key-size 256 bits): 1115506 iterations.
SHA256 (key-size 256 bits): 1383345 iterations.
SHA512 (key-size 256 bits): 963764 iterations.
SHA512 (key-size 512 bits): 951520 iterations.
SHA256 (key-size 512 bits): 690761 iterations.
SHA1 (key-size 512 bits): 554215 iterations.
1 Like

Well then, I’d say it’s worth switching over (but please take a backup first…).

1 Like

As I can see in ‘Cryptsetup 1.7.0 Release Notes’:

You can change iteration time and used hash function in existing LUKS header with cryptsetup-reencrypt utility even without full reencryption of device (see --keep-key option).

So, I will give a try for it.
Do you think I have to change the hash using a LiveCD and with the encrypted volume unmounted ?
Or I can to change the hash even with the encrypted volume mounted and in use ??

Thank you very much for attention, @alexpl

Since it’s an old volume, you have to use the old cryptsetup-reencrypt tool which works on unmounted devices, so yes, boot off a live medium to do that.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.