git.ipfire.org Git - thirdparty/systemd.git/commit

author	Luca Boccassi <luca.boccassi@gmail.com>
	Fri, 24 Apr 2026 19:43:30 +0000 (20:43 +0100)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Tue, 19 May 2026 12:35:19 +0000 (13:35 +0100)
commit	4a82fc67c62f42fc0cc5656887386c653896c6e0
tree	5794fcfd053ab6e4b1a887c4abff3a5c7d3d22d6	tree \| snapshot
parent	a332f3b6caf1f1fa1d90f5d5ea88f24d3017792a	commit \| diff

homed/fscrypt: add new xattr format hardening key sealing

The current key sealing format has some less-than-ideal weaknesses:

- PBKDF2 with only 65k iterations, where recommendations are ~200k
- AES with null IV, relying on salt for uniqueness
- lack of AES MAC/AEAD

However improbable, it is at least theorically possible that with
a lot of resources an offline bruteforce could be attempted.

Add a v2 sealing format, keeping unsealing compatibility with
the current format:

v2:<iterations>:<salt>:<IV>:<ciphertext>:<aes tag>

and use 600k iterations for the PBKDF2 sha512

docs/HOME_DIRECTORY.md		diff \| blob \| blame \| history
src/home/homework-fscrypt.c		diff \| blob \| blame \| history
test/units/TEST-46-HOMED.sh		diff \| blob \| blame \| history