Re: [PATCH] losetup: support password hashing and specifying the key length

Karel Zak wrote:
> On Wed, Oct 10, 2007 at 01:52:33PM +0200, Ludwig Nussel wrote:
> > too small so a simple password or passphrase is unsuitable for use
> > with disc encryption. You need the hash function to generate a
> > pseudo random key that fully exploits the 16-32 byte key space.
> 
>  That's zero improvement without iterations and salt. A simple
>  conversion from password to hash is still very easily crackable by
>  dictionary attacks.
> 
>  BTW, you can use a strong and long password or passphrase. It's
>  probably better than believing that your password "penguin" is strong
>  after conversion to SHA...

Sure, with such a simple word all hope is lost either way. Anyways,
if you add the hash function feature only if there is also support
for salt and iterations I'd implement that as well :-) The loop-AES
patch actually supports both but I hesitated to implement them as
users don't actually seem to use those options much. loop-AES uses
AES for the iterations though so a patch for that would need to also
include the AES algorithm.

> > Nevertheless your patch certainly has the benefit of reducing the
> > size of the patch that adds hash functions so what about omitting
> > the docu about the -e and -k options?
> 
>  Hmm... isn't it better to explain the problem in the man page rather
>  than omit anything?

I'm not good at explaining things :-)

>  Frankly, I'm still not sure. Maybe we (upstream) can completely
>  ignore everything around cryptoloop --just because it's deprecated--.
>  It means don't add a new option -k or loop-aes encryption style
>  strings.

Personally I just like to see it because users want to continue to
conveniently be able to mount their legacy files. There is no other
way to let regular users mount an encrypted file. LUKS with help of
hal works fine for e.g. usb memory sticks but for loop mounted files
or legacy partitions there is no good solution. I think the idea of
some dm-crypt plugin for mount was already brought up on the list.
Although that would probably just shift the above discussion to
another backend technology :-)

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
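
Added example, not part of the original message or of the losetup patch: it contrasts a single unsalted hash of the passphrase with a salted, iterated derivation, the two schemes debated in this thread. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the iterated scheme (per the message above, loop-AES iterates with AES instead); the function names, the 16-byte salt and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import time

KEY_LEN = 32  # bytes; the thread mentions a 16-32 byte key space


def plain_hash_key(passphrase: str, key_len: int = KEY_LEN) -> bytes:
    """One unsalted SHA-256 pass over the passphrase, truncated to key_len."""
    return hashlib.sha256(passphrase.encode()).digest()[:key_len]


def stretched_key(passphrase: str, salt: bytes, iterations: int,
                  key_len: int = KEY_LEN) -> bytes:
    """Salted, iterated derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               iterations, key_len)


def new_volume_params(iterations: int = 200_000) -> dict:
    """Per-volume parameters; they are not secret but must be stored
    with the volume so the same key can be derived again at mount time.
    The iteration count is an assumed value, tune it to the hardware."""
    return {"salt": os.urandom(16), "iterations": iterations}


def compare(passphrase: str) -> dict:
    """Derive keys for two volumes that share one passphrase."""
    vol_a, vol_b = new_volume_params(), new_volume_params()
    t0 = time.perf_counter()
    plain = plain_hash_key(passphrase)
    t1 = time.perf_counter()
    key_a = stretched_key(passphrase, **vol_a)
    t2 = time.perf_counter()
    key_b = stretched_key(passphrase, **vol_b)
    return {
        # Unsalted: every volume with this passphrase gets the same key,
        # so one precomputed dictionary covers all of them.
        "plain_same_across_volumes":
            hmac.compare_digest(plain, plain_hash_key(passphrase)),
        # Salted: same passphrase, different key per volume.
        "salted_same_across_volumes": hmac.compare_digest(key_a, key_b),
        # Stored salt + iteration count reproduce the key on remount.
        "remount_reproducible":
            hmac.compare_digest(key_a, stretched_key(passphrase, **vol_a)),
        # How much more work each guess costs with iterations.
        "cost_ratio": (t2 - t1) / max(t1 - t0, 1e-9),
    }
```

Neither scheme adds entropy to a weak passphrase; the salt and iterations only raise the cost of each guess and prevent one precomputed table from serving every volume.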




