eCryptfs uses a default salt to encrypt the mount passphrase, which
makes it easier for attackers to obtain user passwords via a brute force
attack. By default, the wrapping key is hashed with the default fixed
salt (0x0011223344556677).
This update introduces the version 2 wrapped-passphrase file format. It
adds the ability to combine a randomly generated salt with the wrapping
password (typically, a user’s login password) prior to performing key
strengthening. The version 2 file format is considered to be a
intermediate step in strengthening the wrapped-passphrase files of
existing encrypted home/private users.
If pam_ecryptfs is used a transparent migration from version 1 to
version 2 files is provided, otherwise a manual re-wrapping of the
passphrase file is mandatory.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
any | any | any | ecryptfs-utils | < 106-1 | UNKNOWN |