Date: Thu, 19 Nov 2009 08:41:05 +0100
From: Arno Wagner
Message-ID: <20091119074104.GC8694@tansi.org>
References: <4B032794.6090104@gmx.net> <20091118054555.GB28949@tansi.org> <4B03C5EE.7010702@gmx.net> <20091118102515.GB30910@tansi.org> <4B03D865.8070905@redhat.com> <4B03F5F2.9080609@redhat.com>
In-Reply-To: <4B03F5F2.9080609@redhat.com>
Subject: Re: [dm-crypt] different default key sizes for CREATE and LUKSFORMAT
To: dm-crypt@saout.de

On Wed, Nov 18, 2009 at 02:26:10PM +0100, Milan Broz wrote:
> On 11/18/2009 12:20 PM, Milan Broz wrote:
> > For default LUKS header hash:
> >
> > - default is SHA1
> >
> > switching to another (probably SHA-256?) means complete incompatibility
> > with all cryptsetup <1.1.x, this needs some time when all most distros
> > use new cryptsetup.
> > No need to hurry, there is no problem with SHA1 in this application
> > of hash function.
>
> Also I think we can increase MK digest iterations
> (default is now 10, increasing it to 1000 should not cause any performance
> problems. Just make the possible attack to MK digest more complicated
> if some hash is completely broken in future.)
>
> Does this make sense or it is not needed?

If I understand this correctly, this is the "iteration-count"
parameter to PBKDF2. If so, then RFC 2898 recommends a minimum
count of 1000 anyways.
This is however not protection against a broken hash, as even
a very weak hash should be extremely hard to break when iterated
10 times. The main purpose of this parameter is to make exhaustive
search more expensive.

I think this should definitely go up to 1000.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
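The following is an added example, not part of the original message and not cryptsetup code. It implements RFC 2898 PBKDF2 with HMAC-SHA1 while counting HMAC calls, to show that the per-candidate cost of checking a master key against the MK digest grows linearly with the iteration count (10 versus 1000). The 32-byte salt, the 20-byte digest length, the use of the master key as the PBKDF2 password, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

HASH = "sha1"      # default LUKS header hash named in the thread
DIGEST_LEN = 20    # assumed MK digest length: one SHA-1 output block


def pbkdf2_counted(password: bytes, salt: bytes, iterations: int, dklen: int):
    """RFC 2898 PBKDF2-HMAC-SHA1; returns (derived_key, number_of_HMAC_calls)."""
    hlen = hashlib.new(HASH).digest_size
    blocks = -(-dklen // hlen)                      # ceil(dklen / hlen)
    out, calls = b"", 0
    for i in range(1, blocks + 1):
        u = hmac.new(password, salt + struct.pack(">I", i), HASH).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):             # U_2 .. U_c, XORed together
            u = hmac.new(password, u, HASH).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen], calls


def mk_digest(master_key: bytes, salt: bytes, iterations: int) -> bytes:
    """Digest stored in the header to recognise the correct master key."""
    return pbkdf2_counted(master_key, salt, iterations, DIGEST_LEN)[0]


def check_candidate(candidate: bytes, salt: bytes, iterations: int, stored: bytes) -> bool:
    """The work done per candidate key, by a verifier or by an exhaustive search."""
    return hmac.compare_digest(mk_digest(candidate, salt, iterations), stored)


def cost_ratio(low: int, high: int) -> float:
    """Relative HMAC work per candidate when the count is raised from low to high."""
    key, salt = bytes(32), bytes(32)                # constructed sample values
    high_calls = pbkdf2_counted(key, salt, high, DIGEST_LEN)[1]
    low_calls = pbkdf2_counted(key, salt, low, DIGEST_LEN)[1]
    return high_calls / low_calls


if __name__ == "__main__":
    key, salt = os.urandom(32), os.urandom(32)      # constructed sample MK and salt
    stored = mk_digest(key, salt, 1000)
    print("correct key accepted:", check_candidate(key, salt, 1000, stored))
    print("cost factor 10 -> 1000:", cost_ratio(10, 1000))
```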