On Fri, Feb 06, 2015 at 12:51:35AM +0100, Arno Wagner wrote: > If your passphrase is weak enough that a dictionary > attack has a reasonable success of working (and a dictionary > attack is the only thing the salt that hashalot adds helps > against), then you are pretty deep in insecure territory and > _need_ the hash iteration that LUKS provides, but which is > missing from both plain and hashalot. > >... > > Please do not spread unsubstantiated rumors. It is hard enough > these days for non-experts to decide what crypto to trust > and what not. Rumors of the kind "metadata headers offer > attack vectors" make this even worse. Count me among the non-experts. I have two questions. (a) Wouldn't metadata headers incur a loss of plausible deniablity compared to plain mode, especially when an encrypted filesystem image is stored as a single file on backup media or in the backing file for a loopback device? (b) Assuming a secure passphrase, wouldn't plain mode be more secure than luks against possible vulnerabilities in the hashing algorithm that may be discovered in the future? _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
