Hopeless@xxxxxxxxxxxxxxxxx wrote: > I've been playing around with a command line pbkdf2 app, to feed generate > a key to cryptsetup, what I came up with uses either libgcrypt or > libtomcrypt (which supplies it's own pbkdf2 function). Hi, there is already patch I sent some time ago http://code.google.com/p/cryptsetup/issues/detail?id=10 (but it is not final patch, I would like to use backend infrastructure and add selection of hash instead of hardcoded SHA1 here) > Anyway, what I wanted to bring up was the gcrypt function I'm using, which > is based on this, which may be of use to you; > http://lists.gnupg.org/pipermail/gcrypt-devel/2002-December/000202.html Yes, I used that implementation of PBKDF in patch above too. > The reason I used tomcrypt as well is because it seems to be about 50% > faster for all hashes they have in common (other than whirlpool, where > gcrypt is ~50% faster), also this is with libgcrypt compiled with -O3, > which is easily more than TWICE as fast as when it's compiled with -O2... The speed of hash calculation is not so important here. It is just about initialization of key for kernel dm-crypt. And there are other reasons why stick with gcrypt, it is already used and available almost everywhere. Milan --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
