From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from v6.tansi.org (ns.km31936-01.keymachine.de [87.118.116.4]) by mail.saout.de (Postfix) with ESMTP for ; Thu, 27 Feb 2014 23:36:49 +0100 (CET) Received: from gatewagner.dyndns.org (77-57-44-24.dclient.hispeed.ch [77.57.44.24]) by v6.tansi.org (Postfix) with ESMTPA id DAC8F34FA001 for ; Thu, 27 Feb 2014 23:36:48 +0100 (CET) Date: Thu, 27 Feb 2014 23:36:47 +0100 From: Arno Wagner Message-ID: <20140227223647.GA11463@tansi.org> References: <530F4E30.6000204@gmail.com> <20140227214453.GA4618@fancy-poultry.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20140227214453.GA4618@fancy-poultry.org> Subject: Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.6.4 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Thu, Feb 27, 2014 at 22:44:53 CET, Heinz Diehl wrote: > On 27.02.2014, Milan Broz wrote: > > > * Add internal "whirlpool_gcryptbug hash" for accessing flawed > > Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above). > > > > The gcrypt version of Whirlpool hash algorithm was flawed in some > > situations. > > Just to be shure: if I create an encrypted partition using > the whirlpool hash algorithm with recent cryptsetup / libgcrypt, > does it have its full strength? As far as I understand this, yes. The old version in libgcrypt was flawed, the repair hence breaks old headers created with it. The caveat in FAQ item 8.3 does still applies though. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. - Plato