From the cryptsetup manpage:
NOTES ON PASSWORD PROCESSING FOR LUKS
LUKS uses PBKDF2 to protect against dictionary attacks (see RFC 2898). LUKS will always use SHA1 in HMAC mode, and no other mode is supported at the moment. Hence, -h is ignored.
Therefore it seems not to be possible to use SHA256 with LUKS currently. --Till 17:51, 31 March 2009 (UTC)
- SHA-1 inside HMAC is good enough for me (and NIST.gov); the configuration example is using cryptsetup create, i.e. "raw" dm-crypt, not LUKS. Mitr 18:02, 31 March 2009 (UTC)