[prev in list] [next in list] [prev in thread] [next in thread]
List: dm-crypt
Subject: Re: [dm-crypt] LUKS --hash vs. --cipher whatever:hash
From: Eric Bauman <baumane () livejournal ! dk>
Date: 2011-02-19 18:39:18
Message-ID: ijp2om$plj$1 () dough ! gmane ! org
[Download RAW message or body]
Thanks for the replies.
On 19/02/2011, Milan Broz wrote:
> --hash is for LUKS header hash (by default is it sha1), IOW the hash
> used for anti-forensic splitter and volume key obfuscation (passphrase
> is used to unlock LUKS keyslots whe is volume key stored. Volume
> key is always generated from random generator during format.)
Is there any benefit to hash size / algorithm strength? It seems like
afsplitter will ensure the split key is the required length regardless
of the hash output.
> sha256 in cipher specification is useful only for ESSIV initialization vector.
> e.g. aes-cbc-essiv:sha256 - means cipher AES in CBC mode and with ESSIV
> initialization vector which uses sha256 (IV is derived from key using
> sha256 hash).
Does using sha256 over some other hash outputting only 128 bits offer
any practical benefit, other than decreasing the likelyhood of two IVs
being the same?
> It is part of the specification - for more info see project pages
> http://code.google.com/p/cryptsetup/ - specification bookmark.)
Thanks for the link, interesting reading.
Thanks,
Eric
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic