From Fedora Project Wiki
(cryptsetup-luks seems not to support anything else than SHA1 for luks volumes) |
No edit summary |
||
| Line 6: | Line 6: | ||
</code> | </code> | ||
Therefore it seems not to be possible to use SHA256 with LUKS currently. --[[User:Till|Till]] 17:51, 31 March 2009 (UTC) | Therefore it seems not to be possible to use SHA256 with LUKS currently. --[[User:Till|Till]] 17:51, 31 March 2009 (UTC) | ||
: SHA-1 inside HMAC is good enough for me (and NIST.gov); the configuration example using <code>-h</code> refers to <code>cryptsetup create</code>, i.e. "raw" dm-crypt, not LUKS. [[User:Mitr|Mitr]] 18:02, 31 March 2009 (UTC) | |||
Latest revision as of 18:02, 31 March 2009
From the cryptsetup manpage:
NOTES ON PASSWORD PROCESSING FOR LUKS
LUKS uses PBKDF2 to protect against dictionary attacks (see RFC 2898). LUKS will always use SHA1 in HMAC mode, and no other mode is supported at the moment. Hence, -h is ignored.
Therefore it seems not to be possible to use SHA256 with LUKS currently. --Till 17:51, 31 March 2009 (UTC)
- SHA-1 inside HMAC is good enough for me (and NIST.gov); the configuration example using
-hrefers tocryptsetup create, i.e. "raw" dm-crypt, not LUKS. Mitr 18:02, 31 March 2009 (UTC)