On 03/29/2010 10:21 PM, Jamaal Speights wrote: > When I do dmsetup table [name] --showkey > > I see aes-cbc-plain. Then 64 characters. I see the first 40 are the > *RIPEMD-160 Hash* of my password. What are the last 24 characters? > > ripemd160_passphrase + ?????? you mean after plain create command (iow not using LUKS?) The key is generated by hashing passphrase in rounds, so first is plain hash of passphrase (default is ripemd160), if requested key is larger some fixed chars are added to password and it is hashed again. (I think it is taken from hashalot package.) See gcrypt_hash in source, it is original algorithm from old cryptsetup. Or you can use pregenerated key in plain mode from keyfile. Or you can use passphrase directly as key (zero padded) See man page. LUKS generates master key always from RNG, passphrase just unlock key slot where it is stored. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
