Talk:Hash algorithm migration status

From FedoraProject

Jump to: navigation, search

From the cryptsetup manpage:

NOTES ON PASSWORD PROCESSING FOR LUKS

      LUKS uses PBKDF2 to protect against dictionary attacks (see RFC 2898).  LUKS will always use SHA1 in HMAC mode, and no  other  mode  is  supported  at  the moment.  Hence, -h is ignored.

Therefore it seems not to be possible to use SHA256 with LUKS currently. --Till 17:51, 31 March 2009 (UTC)

SHA-1 inside HMAC is good enough for me (and NIST.gov); the configuration example using -h refers to cryptsetup create, i.e. "raw" dm-crypt, not LUKS. Mitr 18:02, 31 March 2009 (UTC)