At Thu, 07 Sep 2006 00:11:27 +0200, Henrik Holst <henrik.holst@xxxxxxxxxx> wrote: > 1) How does the -h plain switch to cryptsetup work? > > How is the result interpreted if I use a 128 bit cipher and write a 1 > character key or a 17 character key? http://en.wikipedia.org/wiki/Cryptographic_hash_function Using a hash is very convenient here, because you can use it to convert the variable length password to a fixed number of bytes (codomain of hash function). Virtually all block ciphers are using fixed sized keys. That's the reason to hash in the first place. There are also other reason for hashing, ask google for the rfc to PBKDF2. > 2) What is the implications of changing the de facto standard sha256 > hash in "aes-cbc-essiv:sha256" cipher? http://clemens.endorphin.org/publications - New Methods in Hard Disk Encryption Chapter 4.1.2. ESSIV > I have read that I is used to hash the "IV" which is calcuated from the > sector. That's not correct. The cryptoapi hashing had some problems with locking in the linux kernel, hence we used an encryption function to replace the hash. The key to the encryption is generated by the hash function. So, the IV is not hashed, but it's encrypted with a hashed key. CBC-ESSIV was an ad-hoc design, and should by all means be replaced with LRW! However, when I would redo ESSIV today, I would use standard key seperation techniques to remove the hashing component (=generate more subkeys from one "master" key, see Section 3.6.3 "ABL" for an example in the link above). > Would a 32 bit CRC32 be good enough? Honestly, I have no idea. > Do I need a hash which generates 256 bit values? Could be 128 bits too. The restriction is that the cardinality of the codomain of the hash function is a valid key size. For AES iirc, this is true for 128,196,256 bit. So, to answer your implicity question: stick with sha256, which gives you 256 bit keys sizes for AES encrypted IVs. That's ok and I think my performance measurements don't show much performance differences. A real performance gain would come from LRW, which is faster than CBC in any variant (at least the way I coded it a few years ago). -- Fruhwirth Clemens - http://clemens.endorphin.org for robots: sp4mtrap@xxxxxxxxxxxxx --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
