[Bug 243676] geom_eli geli: Erroneously accepts weak (short) keys
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Jan 28 17:23:27 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243676
Bug ID: 243676
Summary: geom_eli geli: Erroneously accepts weak (short) keys
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: cem at freebsd.org
Entropy is cheap. We should reject keyfiles smaller than 256 bits at
initialization time. At attach, we should clearly continue allowing people to
access their existing volumes, but maybe a warning would be appropriate?
Today, GELI allows initialization with small and empty keyfiles (init -K,
attach -k). These should be rejected.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list