On 07/08/2010 04:29 PM, Sven Eschenberg wrote: > Hi Milan, > > Even worse, actually byte swappig is done to store the int in a big > endian manner, unfortunately, since it is done wrong, on big endian > systems all block indeces would be zero and they are part of the Derived > Key. I wonder if this has a security impact as in quality of derived key > on big endian systems. You mean when int is big endian and 64bit? Do you see system where it is wrong or just guessing? There is no direct key encryption derived using this code, it is just keyslot obfuscation + keyslot passphrase verification (master key in LUKS is generated from RNG) (plain crypt do not use this at all) That algorithm is not new and passed PBKDF2 test vectors (I will probably add this test to api check also). I run test on several architectures - all keyslot operation should fail on prepared image if there is such bug. (But it should explicitly use uint32 there.) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
