On Sun, Aug 23, 2015 at 20:51:42 CEST, Sven Eschenberg wrote:
> On Sat, August 22, 2015 05:38, Heinz wrote:
> > Arno Wagner <arno@...> writes:
> >
> >> No, that is not the statement. The statement is that collision attacks
> >> (the SHA1-weakness) are irrelevant for password hashing.
> >
> > Or in other words, SHA1 is secure in this case. But why not always use the
> > best possible hash algorithm, instead of an option which is at least safe?
> > I would logically always use the strongest one, purely as a precaution, and
> > not what has already demonstrated weaknesses of any kind. I would not want
> > to wait if SHA1 really holds a long time. :)
>
> Sorry to intervene here. Hashing in LUKS is only used to check if a
> password/passphrase is a candidate. So, even if you manage to find a
> collision, the worst that can happen is that LUKS accepts the
> 'collision' as valid key and you'll get gibberish on the mapping. Your
> encrypted data will be useless 'random' data and is not compromised then.

I seem to remember that PBKDF2 gets the hash discussed (SHA1) as input
and also that the AF splitter uses it. Still not an issue.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of "news" is
"something that hardly ever happens." -- Bruce Schneier

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
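The candidate check discussed in this thread, as an added illustration that is neither from the thread nor cryptsetup's code: a constructed LUKS1-style key slot in which the configured hash feeds PBKDF2, the AF-splitter diffusion step and the master-key digest. A hash-based keystream stands in for the real cipher wrapping of the slot material, and the stripe count is reduced to keep it small; a wrong passphrase yields a candidate key that fails the digest check and would only produce garbage anyway.

```python
import hashlib
import os
# Constructed model of a LUKS1-style key slot (illustration only, not cryptsetup's
# code): the hash (SHA-1 here) feeds PBKDF2, AF diffusion and the master-key digest.
HASH = "sha1"
STRIPES = 4       # AF stripes (cryptsetup's default is 4000; kept small here)
ITERATIONS = 1000
DIGEST = hashlib.new(HASH).digest_size

def _xor(a: bytes, b: bytes) -> bytes: return bytes(x ^ y for x, y in zip(a, b))

def _diffuse(block: bytes) -> bytes:
    # AF diffusion: hash each digest-sized chunk prefixed by its big-endian index
    out = b""
    for i in range(0, len(block), DIGEST):
        chunk = block[i:i + DIGEST]
        out += hashlib.new(HASH, (i // DIGEST).to_bytes(4, "big") + chunk).digest()[:len(chunk)]
    return out

def af_split(key: bytes) -> bytes:
    # Split key into STRIPES stripes; all but the last are random
    d, stripes = bytes(len(key)), []
    for _ in range(STRIPES - 1):
        stripes.append(os.urandom(len(key)))
        d = _diffuse(_xor(d, stripes[-1]))
    return b"".join(stripes) + _xor(d, key)

def af_merge(material: bytes, n: int) -> bytes:
    # Inverse of af_split: any corrupted stripe changes the recovered key
    d = bytes(n)
    for i in range(STRIPES - 1):
        d = _diffuse(_xor(d, material[i * n:(i + 1) * n]))
    return _xor(d, material[(STRIPES - 1) * n:])

def _stream(key: bytes, n: int) -> bytes:
    # Hash-based keystream standing in for the real AES-XTS wrapping of the slot
    return b"".join(hashlib.new(HASH, key + c.to_bytes(4, "big")).digest()
                    for c in range(n // DIGEST + 1))[:n]

def make_header(passphrase: bytes, master_key: bytes) -> dict:
    slot_salt, mk_salt = os.urandom(32), os.urandom(32)
    slot_key = hashlib.pbkdf2_hmac(HASH, passphrase, slot_salt, ITERATIONS, len(master_key))
    split = af_split(master_key)
    return {"slot_salt": slot_salt, "mk_salt": mk_salt,
            "slot_material": _xor(split, _stream(slot_key, len(split))),
            "mk_digest": hashlib.pbkdf2_hmac(HASH, master_key, mk_salt, ITERATIONS, DIGEST)}

def unlock(header: dict, passphrase: bytes, n: int = 32) -> "bytes | None":
    # Return the master key only if the recovered candidate passes the digest check
    slot_key = hashlib.pbkdf2_hmac(HASH, passphrase, header["slot_salt"], ITERATIONS, n)
    split = _xor(header["slot_material"], _stream(slot_key, len(header["slot_material"])))
    candidate = af_merge(split, n)
    digest = hashlib.pbkdf2_hmac(HASH, candidate, header["mk_salt"], ITERATIONS, DIGEST)
    return candidate if digest == header["mk_digest"] else None
```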