Recovery key is low-entropy
Bug #1928860 reported by Madars
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ubiquity (Ubuntu) | Fix Released | High | Jean-Baptiste Lallement |
Impish | Fix Released | High | Jean-Baptiste Lallement |
Bug Description
The Ubuntu 21.04 Desktop ISO includes the Ubiquity installer, which offers the user the option to set up full-disk encryption. In this set-up a recovery key is automatically generated and added to the system.
The recovery key is 16 decimal digits or ~53.2 bits of entropy, so it is within the capabilities of offline brute-force attacks for well-resourced attackers.
To confirm, the key is generated here: https:/
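The entropy figure in the report, and the key length a given alphabet needs to reach a chosen strength, can be checked with the following added example (not Ubiquity's code and not the fix that was released). The 128-bit target, the Crockford base32 alphabet and the function names are assumptions made for illustration.

```python
import math
import secrets

DIGITS = "0123456789"
# Crockford base32 alphabet (no I, L, O, U), chosen here so that a
# hand-copied key has fewer look-alike characters. Assumption, not from the bug.
CROCKFORD32 = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a key whose symbols are drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def min_length(target_bits: int, alphabet_size: int) -> int:
    """Smallest symbol count whose entropy is at least target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_recovery_key(target_bits: int = 128,
                          alphabet: str = CROCKFORD32,
                          group: int = 4,
                          sep: str = "-") -> str:
    """Generate a recovery key from the OS CSPRNG, grouped for transcription."""
    if len(alphabet) < 2 or len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must contain at least two distinct symbols")
    if sep in alphabet:
        raise ValueError("separator must not be part of the alphabet")
    n = min_length(target_bits, len(alphabet))
    # secrets.choice is unbiased for any alphabet size (no modulo bias).
    raw = "".join(secrets.choice(alphabet) for _ in range(n))
    return sep.join(raw[i:i + group] for i in range(0, n, group))


if __name__ == "__main__":
    # The format described in the report: 16 decimal digits.
    print(f"16 digits: {entropy_bits(10, 16):.2f} bits")
    for name, alpha in (("decimal", DIGITS), ("base32", CROCKFORD32)):
        n = min_length(128, len(alpha))
        print(f"{name}: {n} symbols for >= 128 bits "
              f"({entropy_bits(len(alpha), n):.1f} bits)")
    print("sample key:", generate_recovery_key())
```
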
information type: Private Security → Public Security
tags: added: rls-ii-notfixing removed: rls-ii-incoming
tags: removed: rls-ii-notfixing
Changed in ubiquity (Ubuntu Impish):
assignee: nobody → Jean-Baptiste Lallement (jibel)
Changed in ubiquity (Ubuntu Impish):
milestone: none → ubuntu-21.10
milestone: ubuntu-21.10 → ubuntu-21.10-beta
Hello Madars, thanks for the report; can we make this bug public to get more feedback on it? (Is that recovery key in your screenshot something that's important to you?)
Thanks