On Fri, Feb 06, 2015 at 15:01:40 CET, dennis@xxxxxxxxxxxxxxxxx wrote: > On Fri, Feb 06, 2015 at 12:51:35AM +0100, Arno Wagner wrote: > > If your passphrase is weak enough that a dictionary > > attack has a reasonable success of working (and a dictionary > > attack is the only thing the salt that hashalot adds helps > > against), then you are pretty deep in insecure territory and > > _need_ the hash iteration that LUKS provides, but which is > > missing from both plain and hashalot. > > > >... > > > > Please do not spread unsubstantiated rumors. It is hard enough > > these days for non-experts to decide what crypto to trust > > and what not. Rumors of the kind "metadata headers offer > > attack vectors" make this even worse. > > Count me among the non-experts. I have two questions. (a) Wouldn't > metadata headers incur a loss of plausible deniablity compared to > plain mode, especially when an encrypted filesystem image is stored as > a single file on backup media or in the backing file for a loopback > device? In theory, yes, in practice no. See FAQ Item 5.18. Plausible deniability is a fantasy that does not hold up in reality. See also http://xkcd.com/538/. This really _is_ accurate. >(b) Assuming a secure passphrase, wouldn't plain mode be more > secure than luks against possible vulnerabilities in the hashing > algorithm that may be discovered in the future? No. First, plain mode also hashes. And second, basically all potential vulnerabilities of modern hash functions (collisions, reversing) do not apply to the use as pasword-hashing functions. You can hash passwords with MD5 and be perfectly secure, while MD5 is fully broken for things like signing. The only problem is a (very slow) convergence towards half the bits in iterated hashing, but PBKDF2 fixes that. Gr"usse, Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
