On 11/18/2009 12:20 PM, Milan Broz wrote: > For default LUKS header hash: > > - default is SHA1 > > switching to another (probably SHA-256?) means complete incompatibility > with all cryptsetup <1.1.x, this need some time when all most distros > use new cryptsetup. > No need to hurry, there is no problem with SHA1 in this application > of hash function. Also I think we can increase MK digest iterations (default is now 10, increasing it to 1000 should not cause any performance problems. Just make the possible attack to MK digest more complicated if some hash is completely broken in future.) Does this make sense of it is not needed? Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
