I don't see the issue. Collisions are unusable when somebody else does the
hash. Collisions only help when you do both, e.g. create something with a
hash that collides and then have one signed by some organization and use the
other for the attack. As an example say you have A = "I am honest <something>"
and B = "I am a criminal <something>" with a hash collision. Then you have a
CA give you a certificate for A and you can use that to put B into a modified
version. Then B would be a valid certificate that the CA never saw or signed.

Consequently, you should note that SHA1 is used in LUKS for the AF splitter,
i.e. it would need to be reversed to have any effect, a collision will not
help at all. SHA1 is also used in an iterated fashion, making any attack much,
much harder. SHA1 is also used in PBKDF2, but again in an iterated fashion and
in a way that would require an attacker to reverse it. Collisions do not help.

I would say no relevance at all now and unless somebody manages to reverse
SHA1 with very, very low effort, no relevance for the future.

Arno

On Fri, May 01, 2009 at 02:47:53PM +0200, Heinz Diehl wrote:
> Hi,
>
> this paper says it all:
> http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
>
> How deeply is LUKS/dmcrypt affected by these results?
> Are there plans to shift the hash spec used in LUKS/dmcrypt to something else
> in the future?
>
> Cheers,
> Heinz.
>
> ---------------------------------------------------------------------
> dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
> To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
> For additional commands, e-mail: dm-crypt-help@xxxxxxxx
>

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of "news" is
"something that hardly ever happens." -- Bruce Schneier
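A small model of the AFsplit/AFmerge construction Arno refers to, added here as an example and not code from this thread or from cryptsetup: the hash is only ever run forward as a diffuser over random stripes, so getting the key back is a question of holding every stripe, not of finding a collision. The diffusion step (digest-sized blocks hashed with a big-endian 32-bit block index) follows the LUKS1 design in simplified form; that simplification and the stripe count are assumptions of this example.

```python
import hashlib
import os

HASH = "sha1"  # the LUKS1 hash the thread is about; any hashlib name works
DIGEST = hashlib.new(HASH).digest_size


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def diffuse(data: bytes) -> bytes:
    """Forward-only diffusion: each digest-sized block is hashed together
    with its block index. Nothing here is ever inverted, so a collision in
    HASH gives an attacker nothing; they would need a preimage."""
    out = bytearray()
    for idx, off in enumerate(range(0, len(data), DIGEST)):
        block = data[off:off + DIGEST]
        out += hashlib.new(HASH, idx.to_bytes(4, "big") + block).digest()[:len(block)]
    return bytes(out)


def af_split(key: bytes, stripes: int, rng=os.urandom) -> list:
    """Split key into `stripes` pieces: stripes 1..n-1 are random, the
    last one is the key masked with the diffused chain of the others."""
    d = bytes(len(key))                 # d_0 = 0
    out = []
    for _ in range(stripes - 1):
        s = rng(len(key))               # random stripe (constructed input)
        out.append(s)
        d = diffuse(xor(d, s))          # d_k = H(d_{k-1} xor s_k)
    out.append(xor(d, key))             # s_n = d_{n-1} xor key
    return out


def af_merge(stripe_list: list) -> bytes:
    """Recompute the diffused chain over stripes 1..n-1 and unmask the key."""
    d = bytes(len(stripe_list[0]))
    for s in stripe_list[:-1]:
        d = diffuse(xor(d, s))
    return xor(d, stripe_list[-1])


def every_stripe_required(stripe_list: list, key: bytes) -> bool:
    """Anti-forensic property: overwriting any single stripe (here with
    zeros, as a wiped sector would be) makes the key unrecoverable."""
    for i in range(len(stripe_list)):
        damaged = list(stripe_list)
        damaged[i] = bytes(len(key))
        if af_merge(damaged) == key:
            return False
    return True
```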