Ok, once more, I'm slow ... 1. The key is always hashed (not just when generated from a passphrase) 2. The used hash function effectively limits the strength of the key to 160 bits while still encrypting with the full key length. If this is true it is a serious limitation and means that 256bit keys are currently useless. Seeing as 192bit keys are faster and less bits are wasted that should definitely be the recommendation for max key size in the man page etc ... Please do correct me. Cheers, C. --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
