At Sun, 9 Mar 2008 14:41:13 +0000, dennis@xxxxxxxxxxxxxxxxx (Dennis Furey) wrote: > > I've been using my own patched version of cryptsetup that allows a key > entered in hex format to be interpreted as such and not hashed. My key > was generated by rolling dice and has nothing to gain from hashing, > but there seems to be no way to avoid hashing with LUKS formatted > devices using the standard version (unless things have changed > lately). I sent my patch to the Debian maintainer who said I'd have to > take it to the upstream developers, but that they've been opposed to > the idea in the past. Does anyone have any further insights into this > issue? LUKS is about delivering save-as-you-can-get encryption for _regular_ user passphrases like: "hello","123","tim". When you have an entropy rich key, use "cryptsetup create". Or even better, use dmsetup. It supports hex keys directly. Also hashing should not weaken your password, so I don't get the reason why you want to avoid it. (IIRC, SHA1 is no universal hash, but it should be good enough for pratical purposes). -- Fruhwirth Clemens - http://clemens.endorphin.org --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
