Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)?

Hi,

since this commit (present in 1.6.0)

"md: Fix Whirlpool flaw."
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=0a28b2d2c9181a536fc894e24626714832619923

it seems that the Whirlpool hash produces different output
if the data are written in parts.
(If entered as one buffer, it seems to be compatible though.)

Unfortunately, cryptsetup in its anti-forensic filter uses something like this:
  gcry_md_write(iv, iv_size)
  gcry_md_write(buf, buf_size)
  gcry_md_read ...

The change above seems to break all LUKS devices which used Whirlpool as hash
before and upgraded to gcrypt 1.6.0 (cryptsetup cannot open them anymore).

See for example https://bbs.archlinux.org/viewtopic.php?id=175737

Is my assumption correct that all Whirlpool implementations before
libgcrypt 1.6.0 are broken if used this way?

(Using a different crypto backend seems to support this assumption...)

Thanks,
Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
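The post boils down to one property an incremental hash API must have: write(a); write(b) must give the same digest as write(a+b). The following added example (not code from the post, from cryptsetup or from libgcrypt) checks that property in Python with hashlib, which is backed by OpenSSL rather than libgcrypt, so it does not reproduce the gcrypt bug itself; it shows the shape of the test that would have caught it. It reproduces the two-write sequence from the post (IV, then buffer) and also sweeps every split point of a buffer spanning several 64-byte Whirlpool blocks, since buffering defects usually surface around block boundaries. The IV and payload bytes are constructed sample data, and the 64-byte block size is an assumption stated in the code; whether the build's hashlib offers "whirlpool" at all depends on the OpenSSL it links against, so the script reports that case instead of failing.

```python
import hashlib

# Whirlpool processes input in 64-byte blocks (assumed constant); buffering
# bugs in an incremental hash API tend to show up at or around such
# boundaries, so the sweep below tries every split point of a buffer that
# spans a few blocks.
WHIRLPOOL_BLOCK = 64


def digest_chunked(algo: str, chunks) -> str:
    """Feed the hash object one chunk at a time (the gcry_md_write pattern)."""
    h = hashlib.new(algo)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def digest_one_shot(algo: str, data: bytes) -> str:
    """Hash the whole buffer with a single update call."""
    return digest_chunked(algo, [data])


def bad_split_points(algo: str, data: bytes):
    """Return every split point where write(a); write(b) != write(a+b).

    An empty list means the implementation is consistent for this input.
    """
    reference = digest_one_shot(algo, data)
    return [cut for cut in range(len(data) + 1)
            if digest_chunked(algo, [data[:cut], data[cut:]]) != reference]


def cryptsetup_style_matches(algo: str, iv: bytes, buf: bytes) -> bool:
    """Mimic the two-write sequence from the post: write(iv), write(buf)."""
    return digest_chunked(algo, [iv, buf]) == digest_one_shot(algo, iv + buf)


def algorithm_available(algo: str) -> bool:
    """hashlib.new raises ValueError for a digest this build does not provide."""
    try:
        hashlib.new(algo)
        return True
    except ValueError:
        return False


def run_report(algo: str):
    # Constructed sample data, not the contents of any real LUKS header.
    iv = bytes(range(20))                                            # 20-byte "IV"
    buf = bytes((i * 7 + 3) & 0xFF for i in range(3 * WHIRLPOOL_BLOCK + 5))  # payload
    return {
        "algorithm": algo,
        "two_write_ok": cryptsetup_style_matches(algo, iv, buf),
        "bad_split_points": bad_split_points(algo, iv + buf),
    }


if __name__ == "__main__":
    for algo in ("whirlpool", "sha256"):
        if not algorithm_available(algo):
            print(f"{algo}: not provided by this hashlib build, skipped")
            continue
        print(run_report(algo))
```

Run against a libgcrypt build, the same check is a short C program that compares gcry_md_write(iv) followed by gcry_md_write(buf) with a single gcry_md_write of the concatenated buffer; a non-empty list of bad split points (or a two-write mismatch) is the signature of the problem the post describes, and it is also the reason an affected LUKS header cannot be reopened: the key-slot digest was computed with the old, inconsistent chunked output.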