Although I support the main message "update your header to a state or the art KDF", think you are not making the community a good service here.
Where is the indication that this was an attack against the KDF? For all we know they could have found a bug in the LUKS implementation.
Or much more realistically this was just an evil maid attack, or somebody got his password via "non-technical" means like filming him typing it in a cafe.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2023-04-18 08:11 pm (UTC)Where is the indication that this was an attack against the KDF? For all we know they could have found a bug in the LUKS implementation.
Or much more realistically this was just an evil maid attack, or somebody got his password via "non-technical" means like filming him typing it in a cafe.