On Sat, Mar 01, 2014 at 17:50:25 CET, Heinz Diehl wrote: > On 01.03.2014, Milan Broz wrote: > > > (I would say - this is a good lesson to think why there are safe defaults > > and why you should not change encryption parameters without good reason :-) > > It's not always the facts which leads to action, but the peoples > assumptions and beliefs. After all, there's a general disbelief in all > things the NSA put their fingers on. That said, it is not hard for me > to understand what people moves to use whirlpool over SHAx.. Which leads to its own set of problems, as recently seen... The advice is not to change crypto parameters unless you really know what you are doing. Most people do not and make matters worse. The only thing we can try to do heres is to explain, as, e.g., FAQ Item 5.20 "LUKS is broken! It uses SHA-1!" tries to do. Just changing some things with no clear understanding why they may or may not be bad is worse than running with the defaults. Face it, unless you are an experty for the use of crypto, you have no chance of coocking up your own parameter set that is reliably "better", but have a good chance of making things worse. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. - Plato _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
