On Fri, May 28, 2010 at 12:56:15PM +0200, Christoph Anton Mitterer wrote: > Can/should I change it to something "better" (e.g. SHA512)? No. SHA1 is not broken for this use at all. There are indications that SHA1 may have collisions that can be practically found, but for SHA1 to be broken as a password hasher (with the hash value being secret), it would need to have low output entropy. This is about the easiest thing to get right in crypto hash design and in fact does not even need a crypto hash at all to be secure. You may be thinking of the case where the hash output is known and an attacker tries to guess a hash input that produces the same hash output. This is not the situation with LUKS, since an attacker that has the hash output can already open the LUKS encryption. Hence the hash output is also secret and stored nowhere in the system, unless the LUKS device is open, in which case the attacker can simply access its contents. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
