Thanks for the replies.
On 19/02/2011, Milan Broz wrote:
--hash is for LUKS header hash (by default is it sha1), IOW the hash
used for anti-forensic splitter and volume key obfuscation (passphrase
is used to unlock LUKS keyslots whe is volume key stored. Volume
key is always generated from random generator during format.)
Is there any benefit to hash size / algorithm strength? It seems like
afsplitter will ensure the split key is the required length regardless
of the hash output.
sha256 in cipher specification is useful only for ESSIV initialization vector.
e.g. aes-cbc-essiv:sha256 - means cipher AES in CBC mode and with ESSIV
initialization vector which uses sha256 (IV is derived from key using
sha256 hash).
Does using sha256 over some other hash outputting only 128 bits offer
any practical benefit, other than decreasing the likelyhood of two IVs
being the same?
It is part of the specification - for more info see project pages
http://code.google.com/p/cryptsetup/ - specification bookmark.)
Thanks for the link, interesting reading.
Thanks,
Eric
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
