From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Joh4mlAwyjNm for ; Sun, 19 Jan 2014 20:49:46 +0100 (CET) Received: from mail-ee0-x22b.google.com (mail-ee0-x22b.google.com [IPv6:2a00:1450:4013:c00::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Sun, 19 Jan 2014 20:49:45 +0100 (CET) Received: by mail-ee0-f43.google.com with SMTP id c41so3037731eek.16 for ; Sun, 19 Jan 2014 11:49:44 -0800 (PST) Message-ID: <52DC2C55.4020701@gmail.com> Date: Sun, 19 Jan 2014 20:49:41 +0100 From: Milan Broz MIME-Version: 1.0 References: <52D975A3.6080609@gmail.com> <87sismz76l.fsf@vigenere.g10code.de> <52D9995F.1070808@gmail.com> <87fvokys88.fsf@vigenere.g10code.de> In-Reply-To: <87fvokys88.fsf@vigenere.g10code.de> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Werner Koch Cc: dm-crypt , gcrypt-devel@gnupg.org On 01/19/2014 03:13 PM, Werner Koch wrote: > On Fri, 17 Jan 2014 21:58, gmazyland@gmail.com said: > >> So if there is a "bug emulation flag" it could help to implement it. > > Done in master. The code is not very sophisticated: I added the flag and > then re-added most of the old code. If this works out for you I > will backport it to 1.6 and release a 1.6.1 soon. It works, thanks! Please could you also add pbkdf2 speed fix to 1.6.1? Because cryptsetup supports several backends (where this flawed whirlpool was never present), I won't do any automatic repairs but instead I added internal "whirlpool_gcryptbug" hash name to gcrypt cryptsetup backend (which uses this flag with gcrypt > 1.6.0) This will allow people to use it if really needed. Thanks, Milan