Re: [PATCH] losetup: support password hashing and specifying the key length

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Oct 10, 2007 at 01:52:33PM +0200, Ludwig Nussel wrote:
> Karel Zak wrote:
> > On Wed, Aug 29, 2007 at 01:23:42PM -0600, LaMont Jones wrote:
> > 
> > > Subject: [PATCH] losetup: support password hashing and specifying the key length
> > > 
> > > * add support for password hashing (sha512, sha384, sha256, rmd160).
> > > * add support for loop-AES style strings like "twofish256" for
> > >   specifying the encryption algorithm and key length.
> > 
> >  I'd like to fix losetup, because it works incorrectly with encryption
> >  key size. It's really old problem. It makes sense use everything from
> >  Ludwig's patch **except** hash functions. It means your non-upstream
> >  stuff will be smaller (hash functions only) and upstream version will
> >  be fixed :-)
> 
> Well, I'm not a crypto expert but IMHO it doesn't make much sense to
> use encryption without hashing the passphrase. The password space is

 The patch is not about cryptoloop cryptographic reliability. The patch
 is trying to fix the old problem with key size setting. Nothing other.
 The final result is the same cryptoloop, but without error messages.

> too small so a simple password or passphrase is unsuitable for use
> with disc encryption. You need the hash function to generate a
> pseudo random key that fully exploits the 16-32 byte key space.

 That's zero improvement without iterations and salt. A simple
 conversion from password to hash is still very easily crackable by
 dictionary attacks.

 BTW, you can use strong and long password or passphrase. It's
 probably better than believe that your password "penguin" is strong
 after conversion to SHA...

> Nevertheless your patch certainly has the benefit of reducing the
> size of the patch that adds hash functions so what about omitting
> the docu about the -e and -k options?

 Hmm... isn't better to explain the problem in the man page rather
 than omit anything?

 Frankly, I'm still not sure. Maybe we (upstream) can completely
 ignore everything around cryptoloop --just because it's deprecated--.
 It means don't add a new option -k or loop-aes encryption style
 strings.

 It would be nice to see more opinions from others.

    Karel

-- 
 Karel Zak  <kzak@xxxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe util-linux-ng" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux