From: Heinz Diehl <htd@fancy-poultry.org>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.6.4
Date: Sun, 2 Mar 2014 08:35:23 +0100 [thread overview]
Message-ID: <20140302073523.GA2122@fancy-poultry.org> (raw)
In-Reply-To: <20140301194424.GA3927@tansi.org>
On 02.03.2014, Arno Wagner wrote:
> > It's not always the facts which leads to action, but the peoples
> > assumptions and beliefs. After all, there's a general disbelief in all
> > things the NSA put their fingers on. That said, it is not hard for me
> > to understand what people moves to use whirlpool over SHAx..
> The advice is not to change crypto parameters unless you
> really know what you are doing. Most people do not and make
> matters worse.
It's perfectly clear to me (and I'm neither using whirlpool nor a
libgcrypt < 1.6.1). What I wanted to point out is that it seems to me
that people have lost their confidence in anything the NSA touched.
Thus, they seem to choose what they believe is most suitable, and not
what is based on facts.
> The only thing we can try to do heres is to
> explain, as, e.g., FAQ Item 5.20 "LUKS is broken! It uses SHA-1!"
> tries to do.
I guess this is not sufficient, unless this is supplemented with a
clear statement on why they should trust something produced by the
NSA. That the recent attacks on SHA-1 are not relevant for
LUKS/dmcrypt is not the point, people understand that. SHA-x is
produced by the NSA, that's the problem. It's a matter of belief, not
facts. The whole Snowden case and all the articles, reports and other
media accompanying it shaped an overall statement: "You can't trust
the NSA". I guess the problem lies right here. And that is why people
choose e.g. whirlpool over the defaults.
There are many well-known theories and models which try to explain
and/or predict such behaviour, see e.g.
http://people.umass.edu/aizen/tpb.diag.html
(I for myself am quite comfortable with the defaults, because the only
purpose of encryption for me is to protect my data on my laptop in
case it gets stolen, and the defaults run fast on that machine. I do
not worry if the NSA has put a backdoor in SHA-1, because it would
hardly ever happen that the thief who stole my machine has that
insider knowledge to use it. So I consider my data to be safe in case
my machine gets stolen, and that's all I want.)
next prev parent reply other threads:[~2014-03-02 7:35 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-27 14:39 [dm-crypt] [ANNOUNCE] cryptsetup 1.6.4 Milan Broz
2014-02-27 17:30 ` Thomas Bächler
2014-02-28 7:51 ` Milan Broz
2014-02-28 11:29 ` Milan Broz
2014-02-28 11:38 ` Arno Wagner
2014-02-28 21:26 ` Sven Eschenberg
2014-02-28 21:46 ` Arno Wagner
2014-02-28 22:06 ` Sven Eschenberg
2014-02-28 23:27 ` Arno Wagner
2014-03-01 7:39 ` Sven Eschenberg
2014-03-01 8:35 ` Milan Broz
2014-03-01 11:32 ` Sven Eschenberg
2014-03-01 16:50 ` Heinz Diehl
2014-03-01 19:44 ` Arno Wagner
2014-03-02 7:35 ` Heinz Diehl [this message]
2014-03-02 15:17 ` Arno Wagner
2014-03-01 13:50 ` Arno Wagner
2014-02-27 21:44 ` Heinz Diehl
2014-02-27 22:36 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140302073523.GA2122@fancy-poultry.org \
--to=htd@fancy-poultry.org \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.