On 07/10/2011 12:29 PM, Jorge Fábregas wrote: > I still get to see 20 HEX characters (160 bits) for the MK digest? I'm sorry. I meant 20 pairs of HEX characters (40 chars) as they appear nicely formatted in the luksDump output. > Shouldn't I see 32 HEX chars (256 bits)? Same here (64 hex characters ). > Or is that sha256 is used in the PBKDF2 process but the function is > instructed to deliver just 160 bits? Ok, I'm going to try to answer myself as I just read again the latest specification. It appears this is the case (just 160 bits even if you use sha256) because there are just 20 bytes available for "mk-digest" in the header. I'm just curious: is having just 20 bytes for the digest a limitation here? Are there any plans to expand this field in the future? > One final thing just to make sure: is the algorithm that appears under > "Hash spec" in the header..is this the same hash-algorithm used (along > with PBKDF2) for the user-keys? as well as the one used with PBKDF2 for > the MK digest? Apparently yes. Sorry for the noise! Regards, Jorge _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
