On Friday 23 May 2008, James McCarthy wrote:
> It is my understanding that Ubuntu disc encryption is provided by
> dm-crypt, which makes use of crypto api in the Linux kernel. And does
> not use anything from OpenSSL, meaning the flaw announced is not
> applicable?
Well, it's almostc certainly not applicable, but your phrasing is a bit
loose, hinging on what you understand by "from OpenSSL":
Any ssh or ssl keypairs generated by ("from"...) the debian-mangled
OpenSSL are weak. Stuff secured with such a keypair is at risk -
doesn't matter if it's not using openssl at runtime, doesn't matter if
it's not running on debian/debianoids.
HOWEVER, you don't usually use such keypairs in any part of a dm-crypt
setup. :-)
You could have gone out of your way to involve openssl... but you'd
almost certainly know it if you had:
http://www.debian.org/security/key-rollover/#cryptsetup
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
