Message-ID: <4B03F5F2.9080609@redhat.com>
Date: Wed, 18 Nov 2009 14:26:10 +0100
From: Milan Broz
References: <4B032794.6090104@gmx.net> <20091118054555.GB28949@tansi.org> <4B03C5EE.7010702@gmx.net> <20091118102515.GB30910@tansi.org> <4B03D865.8070905@redhat.com>
In-Reply-To: <4B03D865.8070905@redhat.com>
Subject: Re: [dm-crypt] different default key sizes for CREATE and LUKSFORMAT
To: dm-crypt@saout.de

On 11/18/2009 12:20 PM, Milan Broz wrote:
> For default LUKS header hash:
>
> - default is SHA1
>
> switching to another (probably SHA-256?) means complete incompatibility
> with all cryptsetup <1.1.x, this needs some time when all most distros
> use new cryptsetup.
> No need to hurry, there is no problem with SHA1 in this application
> of hash function.

Also I think we can increase MK digest iterations
(default is now 10, increasing it to 1000 should not cause any performance
problems. Just make the possible attack to MK digest more complicated
if some hash is completely broken in future.)

Does this make sense or is it not needed?

Milan
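
Added example, not part of the original message or of cryptsetup's code: a Python sketch of the MK digest check discussed above, assuming the LUKS1 on-disk layout (a 20-byte PBKDF2 digest of the master key, a 32-byte salt, and an iteration count stored in the header). Keys and salt are constructed sample values; `cost_ratio` measures how much one digest check slows down going from 10 to 1000 iterations.

```python
import hashlib
import hmac
import os
import time

LUKS_DIGESTSIZE = 20  # bytes of mk-digest kept in a LUKS1 header
LUKS_SALTSIZE = 32    # bytes of mk-digest-salt


def mk_digest(master_key, salt, iterations, hash_spec="sha1"):
    """PBKDF2 of the master key, as stored for verifying an unlocked key."""
    return hashlib.pbkdf2_hmac(hash_spec, master_key, salt,
                               iterations, LUKS_DIGESTSIZE)


def verify_candidate(candidate, salt, iterations, stored, hash_spec="sha1"):
    """Return True if a candidate master key matches the stored digest."""
    computed = mk_digest(candidate, salt, iterations, hash_spec)
    return hmac.compare_digest(computed, stored)


def cost_ratio(low=10, high=1000, trials=200):
    """Time one digest computation at `high` iterations relative to `low`."""
    key = os.urandom(32)             # constructed sample master key
    salt = os.urandom(LUKS_SALTSIZE)  # constructed sample salt

    def timed(iterations):
        start = time.perf_counter()
        for _ in range(trials):
            mk_digest(key, salt, iterations)
        return time.perf_counter() - start

    return timed(high) / timed(low)


if __name__ == "__main__":
    key = os.urandom(32)
    salt = os.urandom(LUKS_SALTSIZE)
    for iterations in (10, 1000):
        stored = mk_digest(key, salt, iterations)
        ok = verify_candidate(key, salt, iterations, stored)
        bad = verify_candidate(os.urandom(32), salt, iterations, stored)
        print(f"iter={iterations:5d} correct={ok} wrong_key={bad}")
    print(f"one check at 1000 iterations costs ~{cost_ratio():.0f}x one at 10")
```

The digest is computed once per unlock, so the higher count is negligible for a legitimate user, while anyone testing candidate master keys against the digest pays it on every guess.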