KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
football/tests/unit/encryption-setup_test.bats
Charles N Wyble 5b01cfd71b feat: add Argon2id KDF configuration for LUKS2 (FINDING-005) 
Debian partman-crypto does not support preseed configuration for KDF
type, defaulting to PBKDF2. PRD requires Argon2id for its superior
resistance to GPU-based attacks.

Solution: Post-install hook that creates:
- /usr/local/bin/convert-luks-kdf.sh: User-runnable script to convert
  PBKDF2 to Argon2id with proper parameters (memory=1GB, parallelism=4)
- /etc/profile.d/knel-kdf-reminder.sh: Login reminder until conversion
- Updated /var/backups/keys/README.txt with conversion instructions

Tests added (3 new):
- Argon2id KDF configuration hook or script exists
- KDF conversion helper script is created
- User receives notification about KDF optimization

Reference: docs/PRD.md encryption requirements
Audit: FINDING-005 (2026-02-20)

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-02-20 11:00:23 -05:00

3.0 KiB
Raw Permalink Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink