On Sat, Jul 18, 2009 at 11:03:09AM +1000, Roscoe wrote: > On 7/18/09, martin f krafft <madduck@xxxxxxxxxxx> wrote: > > Sure, but I am still curious. And I think it should be possible to > > change the hash for new slots, which is why I filed Debian bug > > #537385 > > No, it's not possible to use two different hashes, this is simply > because there is only one hash spec field. To do so would require > using a different on disk format to LUKS. > > It would be possible to change from sha1 to another hash for all your > key slots, it would merely require decrypting each keyslot using > PBKDF2/sha1, and then re-encrypting using PBKDF2/newhash. You are right of course. I forgot that the PBKDF2 result is used to protect the single media key. > That's a bit of screwing around coding a niche functionality. > > What I'd like to see is -h support for LUKS in cryptsetup, the ability > to print the bulk payload key and the ability to specify the bulk > payload key with luksFormat (which is useful in other circumstances > too). That way one could achieve what you desire pretty easily.. That would be useful. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
