>From David Härdeman and Jonas Meurer. cryptsetup ==========
Cryptsetup itself does not use openssl for encryption (this applies to both LUKS and dm-crypt devices). *If* cryptsetup has been configured to use SSL-encrypted keyfiles (a non-default setup which must be explicitly configured by the user) and a broken version of openssl was used to generate the keyfile, the keyfile encryption may be weaker than expected (as the salt is not truly random). The solution is either to re-encrypt the keyfile (if you are reasonably certain that the encrypted key has not been disclosed to to any third parties) or to wipe and reinstall the affected partition(s) using a new key. Instructions for re-encrypting a keyfile: Do the following for each SSL-encrypted keyfile, replacing <ssl_encrypted_key_path> with the path to the actual keyfile: tmpkey=$(tempfile) openssl enc -aes-256-cbc -d -salt -in <ssl_encrypted_key_path> -out "$tmpkey" shred -uz <ssl_encrypted_key_path> openssl enc -aes-256-cbc -e -salt -in "$tmpkey" -out <ssl_encrypted_key_path> shred -uz "$tmpkey" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
