Re: Plain hashing algorithm

On Tue, Dec 09, 2014 at 15:33:45 CET, John Lane wrote:
> Just trying to satisfy my curiosity... hope that's ok...
> 
> When I do plain mode I can specify a hash or accept the default, ripemd160.
> 
> That isn't the full story, however, as the hash (160 bits) is stretched
> to the key size (256 bits).
> 
> I've checked the source and can see the algorithm in the code
> (crypt_plain.c#30-62).
> 
> I don't fully understand it but just wondered if that's some standard
> alg similar to PBKDF2 (which it isn't) or something specific to cryptsetup?

You mean the stretching?

Generally, stretching keys for a block-cipher is non-critical 
and you could just fill the key up with zeros. For a tiny bit 
more in security, you usually pad with something non-zero. You 
can also add a bit of iteration, hash in key-length, positions, etc. 

As long as you do not mess this up, you can only make the result 
stronger, not weaker. 
 
> I'm also curious about the "hack from hashalot". By googling that phrase
> I find it's been copied into a number of other things.

Probably something hashalot did first. My guess is that 
it was taken as hashalot has been around for some time and
has gotten some attention, and hence is less likely to 
have some flaw in this. 

Arno

 
> Like I said, just curious.
> 
> Thanks,
> John
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier
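
The stretching discussed in this thread, as an added sketch that is not part of the original message and not cryptsetup's own code: it assumes the plain-mode loop hashes the passphrase once per round with `round` bytes of "A" prepended (the "hack from hashalot") and concatenates the digests until the key is full. The function names are hypothetical, and SHA-1 stands in for ripemd160 (same 160-bit output) because ripemd160 is not available in every Python/OpenSSL build.

```python
import hashlib


def plain_stretch(passphrase: bytes, key_size: int, hash_name: str = "sha1") -> bytes:
    """Stretch one hash of a passphrase to key_size bytes.

    Round n hashes b"A" * n followed by the passphrase, so every round
    produces a different digest. Digests are concatenated and the result
    is cut to key_size. There is no salt and no iteration count, so this
    only fills the key; it adds no brute-force cost the way PBKDF2 does.
    """
    if key_size <= 0:
        raise ValueError("key_size must be positive")
    key = b""
    rnd = 0
    while len(key) < key_size:
        md = hashlib.new(hash_name)
        md.update(b"A" * rnd)   # assumed per-round prefix, grows by one byte each round
        md.update(passphrase)
        key += md.digest()
        rnd += 1
    return key[:key_size]


def zero_padded(passphrase: bytes, key_size: int, hash_name: str = "sha1") -> bytes:
    """The simpler alternative mentioned in the reply: fill the key up with zeros."""
    digest = hashlib.new(hash_name, passphrase).digest()
    return digest[:key_size].ljust(key_size, b"\x00")


if __name__ == "__main__":
    pw = b"constructed sample passphrase"   # constructed input, not from the thread
    stretched = plain_stretch(pw, 32)       # 160-bit digest -> 256-bit key
    padded = zero_padded(pw, 32)
    print("stretched :", stretched.hex())
    print("zero-pad  :", padded.hex())
    # Both keys share the first 20 bytes; only the 12 filler bytes differ.
    print("same prefix:", stretched[:20] == padded[:20])
```

Both variants carry the same 160 bits of passphrase-derived material; the stretched form only replaces the twelve zero bytes with a second, different digest.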