Am 12.02.2014 15:19, schrieb Arno Wagner: > -h is the hash that the plain-text password is put through > to turn it into a binary value of certain defined length. > -c specifies the hash that goes into pbkdf2 for the hash > iteration. Are you sure? I was under the impression that '-c' only affects the cipher parameter passed to dm-crypt - a hash would then be relevant for cipher modes like cbc-essiv, but xts-plain64 would ignore it. Thus, cryptsetup has default like 'aes-cbc-essiv:sha256', since essiv needs a hash, and aes-xts-plain64, since xts does not need a hash. According to the manpage, -h is what is used in PBKDF2 in luksFormat mode, or to hash the passphrase in plain mode. To me, this makes much more sense than what you said.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
