From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CC2VpV28M_7V for ; Thu, 9 Jan 2014 16:07:01 +0100 (CET) Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Thu, 9 Jan 2014 16:07:01 +0100 (CET) Received: from fruiteater.riseup.net (fruiteater-pn.riseup.net [10.0.1.74]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 3C9A552421 for ; Thu, 9 Jan 2014 06:58:31 -0800 (PST) Message-ID: <52CEB90A.1030908@riseup.net> Date: Fri, 10 Jan 2014 01:58:18 +1100 From: "shmick@riseup.net" MIME-Version: 1.0 References: <52CDD2BE.3050101@gmail.com> <20140109065107.GA11570@tansi.org> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Few questions from a new user List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de .. ink ..: > On Thu, Jan 9, 2014 at 1:51 AM, Arno Wagner wrote: > >> Hi Konrad, >> >> On Wed, Jan 08, 2014 at 23:35:42 CET, Konrad wrote: >>> I am new to disk encryption and I have been reading on it for the >>> last days, but I am still confused on some points. I would >>> appreciate if someone knowledgeable could clue me in. >> >> If you have not found it yet, the FAQ is at >> http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions >> >>> 1. Is SHA1 just as secure for this purpose as SHA512? After reading >>> cryptsetup docs I have a feeling that yes, but I get conflicting >>> opinions from various people, so I thought it's best ask at the >>> source. >> >> It is. These "various people" likely do not understand what the >> attacks on SHA1 actually are but merely heard that it was "insecure". >> See also FAQ Item 5.20 >> >> > We live in the world of twitter where you automatically loose when you need > to explain yourself. you might - not everybody else does > > More and more of this type of question will start to show up and this > inquiry just showed an explanation in the FAQ is not enought to offer > assurance and giving an answer each and every time here will get boring > pretty soon and rudeness will ensue. wouldn't need to if one slows down, takes a cup of coffee and read elsewhere on the big old internet patience is a virtue; you won't be secure if you're in a hurry > > Whats the worse that could happen if the default is switched to SHA2?If it > makes no practical difference,then switching seem to be a better > alternative just to silence these kind of questions as their existence puts > doubt in cryptsetup's security robustness. you don't have to use defaults - you're free to do what you like but show us that defaults are not safe; please do > > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt >