LUKS keys are not randomly generated during boot; they are fixed at LUKS creation time. As time passes, more and more of the swap space will be filled with randomish data, reducing the surface area of this attack, but at least after a fresh install, if you can assume that all or most of swap is filled with zeros in the plain text, then it makes crptanalysis of the cihphertext to obtain the key easier. It still isn't easy, but it is at least easier than it would be if we did *not* zero the swap device. Since it makes crtyptanalysis easier, and also is a waste of time, we should at least simply not zero the swap device and leave its contents as is.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1506995 Title: Ubiquity facilitate attack on crypto LUKS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1506995/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
