Re: Few questions from a new user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


If you look at the header specification linked here:
  http://code.google.com/p/cryptsetup/wiki/Specification

in Figure 1 you find the cipher and mode for the actual disk
encryption, and the "hash-spec" which is the hash-function
used by PBKDF2.

Sorry, I was confused yesterday, you can change the hash.
(I had just though about PBKDF2 which you cannot easily
change to, say, scrypt...)


Thanks for the clarification,your comment seemed to be in contradiction with what i was understanding from reading the spec and i even peeked at cryptsetup source code to make a sense of your comment before giving up because i was spending too much time on something that will amount to nothing.

 
So changing the hash does not do anything, really as the
attacker can only try to brute-force the passphrase and
that takes the same effort for SHA-1 and for SHA-512.

 
cryptsetup 1.6.0 changed default cipher mode from cbc to xts not because cbc had practical issues but because xts was becoming a standard[1].Sometimes it makes sense to be where everybody else is if being anywhere is just as good as being anywhere else.If it makes not practical difference btw SHA1 and SHA2,then moving away from SHA1 seem like a good idea with the reason being having one less thing to explain in the FAQ.

[1] http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/6409
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux