Hi all,

just to prevent people from again coming in here and claiming LUKS is insecure because it uses SHA1, or to have something handy to point them to:

Reference: https://www.schneier.com/blog/archives/2015/10/sha-1_freestart.html

Explanation: This is about finding collisions. Like when you use SHA1 to hash a certificate and then sign that hash. A collision there lets you modify the contents of a certificate in very limited fashion while keeping the signature intact.

Now, a collision means that at the very least you have one input and its hash-value and you are looking for a second input producing the same hash value. Alternatively, you want to create two inputs with the same hash-value, but do not care what that value is.

Differently from that, in order to break LUKS, you have to generate an input for a known hash value. That is a _lot_ more difficult. And you have to do it for the hash being iterated 10'000 times (gives you the master-key from its checksum), when currently it is exceptionally hard (or rather still infeasible) to do it for one iteration. Iteration is also done with PBKDF2, which makes it even more hard as you cannot do it iteration-by-iteration.

So, no, the current LUKS defaults are _not_ broken because of SHA1. They are unlikely to be broken because of SHA1 in the next few decades and it is even possible that the use of SHA1 in LUKS will stay secure forever, because total available computing power in this universe is not actually that large.

Regards,
Arno

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
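As an added illustration of the "cannot do it iteration-by-iteration" point (this is example code written for this page, not from Arno's message or from cryptsetup), here is PBKDF2-HMAC-SHA1 written out block by block and checked against Python's hashlib. Each HMAC call consumes the full output of the previous one and the block is the XOR of the whole chain, so the only way from a stored digest back to a passphrase is to recompute every iteration for each candidate. The passphrase, salt and iteration count are constructed sample values.

```python
import hashlib
import hmac
import struct


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 2898) with HMAC-SHA1, spelled out.

    Block T_i = U_1 xor U_2 xor ... xor U_c, where
      U_1 = HMAC-SHA1(P, salt || INT(i)) and U_j = HMAC-SHA1(P, U_{j-1}).
    U_j depends on the complete output of U_{j-1}, so the chain cannot be
    shortened or inverted one step at a time: a single SHA-1 preimage or
    collision does not give the passphrase behind the final key.
    """
    hlen = hashlib.sha1().digest_size
    nblocks = (dklen + hlen - 1) // hlen
    out = bytearray()
    for i in range(1, nblocks + 1):
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha1).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()  # next link in chain
            t = bytearray(a ^ b for a, b in zip(t, u))       # accumulate XOR
        out += t
    return bytes(out[:dklen])


def matches_stdlib(password: bytes, salt: bytes, iterations: int, dklen: int) -> bool:
    """Cross-check the hand-written version against hashlib.pbkdf2_hmac."""
    return pbkdf2_hmac_sha1(password, salt, iterations, dklen) == hashlib.pbkdf2_hmac(
        "sha1", password, salt, iterations, dklen
    )


def candidate_matches(candidate: bytes, salt: bytes, iterations: int, stored_key: bytes) -> bool:
    """What a verifier (or a brute-forcer) has to do per candidate: the full chain.

    There is no shortcut that checks a partial chain, which is why the cost
    scales linearly with the iteration count for every guess.
    """
    return hmac.compare_digest(
        pbkdf2_hmac_sha1(candidate, salt, iterations, len(stored_key)), stored_key
    )


# Constructed sample values (not real LUKS header data).
SAMPLE_PASSWORD = b"correct horse battery staple"
SAMPLE_SALT = bytes(range(16))
SAMPLE_ITERATIONS = 10000
SAMPLE_KEY = pbkdf2_hmac_sha1(SAMPLE_PASSWORD, SAMPLE_SALT, SAMPLE_ITERATIONS, 32)
```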