On 03/13/2011 07:58 PM, Maciej Pilichowski wrote:
>> I guess it is "sha1", if so, simply remove rmd320 hash option and
>> it will work again.
>
> You are 100% correct and thank you million times for help! The sad
> fact is I am example of blindly trusting other parties, that
> something actually works, when it does not.

"plain" mode means directly configured dmcrypt - no metadata on disk.
In cryptsetup it is used in the "create" command. In this mode you either
provide the key directly or the key is just the hashed passphrase.

In LUKS, the encryption key is always generated from the RNG (random number
generator) and the passphrase just unlocks and decrypts the metadata area on
disk, where this key is stored.

So for LUKS there is no passphrase hashing, thus that parameter was not
needed (in its former meaning).

But because LUKS uses a hash internally (in PBKDF2, the AF splitter and the
key digest) (for an exact description see
http://code.google.com/p/cryptsetup/wiki/Specification)
and some people want to use a different algorithm, this option was added
even for LUKS mode.
(But changing the hash means a backward incompatible setting.)

Side note:
Still, no need to worry about SHA1 use here. As long as SHA1 remains a
one-way function, it should not cause problems here.

Collision resistance or second preimage is not a problem for this use - even
if you are able to find a collision (with all the iterations), the worst
situation I can imagine is that cryptsetup will accept this key (key digest),
but because the decrypted key is the collision key, not the real key, you
will get garbage instead of real data.
For the anti-forensic splitter these attacks are irrelevant as well.

Quite simplified - please correct me if I am wrong here :-)

>> (Hash switch was useful only for plain mapping for passphrase
>> hashing.)
>
> If I may ask a bit off-topic question:
> * you wrote "was", so now it is useful in general?
> * what do you mean by "plain mapping"? (I googled with no success)

See above.
I meant that -h is now used for LUKS as well, just doing something
different. For plain mode (passphrase hashing) it remains exactly the same.

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
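An added sketch of the distinction drawn in the message above; it is not part of the original post and not cryptsetup's code. It contrasts plain mode, where the volume key is the hashed passphrase, with a LUKS-style header, where a random master key is unlocked by a PBKDF2-derived key and verified against a key digest. Assumptions: all function names, the iteration count and the key sizes are hypothetical, and a plain XOR stands in for the AF splitter plus keyslot cipher.

```python
import hashlib, hmac, os

HASH = "sha1"   # the -h / --hash choice discussed in the message
ITER = 1000     # constructed iteration count, kept low for the demo

def plain_key(passphrase: bytes, key_size: int = 16) -> bytes:
    """Plain mode: no metadata, the key is the (truncated) passphrase hash."""
    return hashlib.new(HASH, passphrase).digest()[:key_size]

def _xor(a: bytes, b: bytes) -> bytes:
    # Toy stand-in for "AF-split, then encrypt with the keyslot cipher".
    return bytes(x ^ y for x, y in zip(a, b))

def _pbkdf2(secret: bytes, salt: bytes, size: int) -> bytes:
    return hashlib.pbkdf2_hmac(HASH, secret, salt, ITER, size)

def add_keyslot(header: dict, master_key: bytes, passphrase: bytes) -> None:
    """Wrap the existing master key under another passphrase."""
    salt = os.urandom(32)
    blob = _xor(master_key, _pbkdf2(passphrase, salt, len(master_key)))
    header["slots"].append({"salt": salt, "blob": blob})

def luks_format(passphrase: bytes, key_size: int = 32) -> dict:
    """LUKS-style: the master key comes from the RNG, not from the passphrase."""
    master_key = os.urandom(key_size)
    mk_salt = os.urandom(32)
    header = {"mk_salt": mk_salt,
              "mk_digest": _pbkdf2(master_key, mk_salt, 20),  # key digest
              "slots": []}
    add_keyslot(header, master_key, passphrase)
    return header

def luks_open(header: dict, passphrase: bytes):
    """Try every keyslot; accept a candidate only if the key digest matches."""
    for slot in header["slots"]:
        size = len(slot["blob"])
        candidate = _xor(slot["blob"], _pbkdf2(passphrase, slot["salt"], size))
        digest = _pbkdf2(candidate, header["mk_salt"], 20)
        if hmac.compare_digest(digest, header["mk_digest"]):
            return candidate
    return None  # wrong passphrase: digest mismatch, nothing is mapped

if __name__ == "__main__":
    print("plain key :", plain_key(b"correct horse").hex())
    hdr = luks_format(b"correct horse")
    print("luks key  :", luks_open(hdr, b"correct horse").hex())
    print("wrong pass:", luks_open(hdr, b"battery staple"))
```

The digest check is the step the side note refers to: it only decides whether a candidate key is accepted, so a candidate that matched the digest without being the real master key would still decrypt the data to garbage.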