Re: [dm-crypt] SHAx and LUKS/cryptsetup

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Milan Broz <gmazyland@gmail.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] SHAx and LUKS/cryptsetup
Date: Sun, 09 Mar 2014 20:53:02 +0100	[thread overview]
Message-ID: <531CC69E.8000300@gmail.com> (raw)
In-Reply-To: <20140309183204.GA2999@fancy-poultry.org>

On 9.3.2014 19:32, Heinz Diehl wrote:
> On 09.03.2014, Milan Broz wrote:
>
>> If you are using kernel backend (not gcrypt one)
>
> I do :-)
>
>> sha1 is used as test that interface works.
>
> Ok, all good! So this is it. Thanks a lot!

Just to clarity it little bit:

Kernel userspace crypto API was (and still is)
quite undocumented, and testing SHA1 (which is mandatory
for LUKS backend support) was the simplest way how
to verify kernel backend works reliably.
(In some kernel versions it was impossible to check if just algorithm
is missing or the whole kernel socket interface is not available.)

It actually does not compute any sha1 hash, it just tries
to initialize it.

BTW I found some problems with kernel backend so use with care.

One problem is e.g. backend cannot use longer
key for HMAC than 20480 bytes (at least on my 32bit VM),
which can cause problems for larger keyfiles in PBKDF2.

I have workaround for this but will need some time to finish
it (I do not want to touch internal PBKDF2 without adding test
vectors and other tests.)

Milan

next prev parent reply	other threads:[~2014-03-09 19:54 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-03-09 17:42 [dm-crypt] SHAx and LUKS/cryptsetup Heinz Diehl
2014-03-09 18:01 ` Milan Broz
2014-03-09 18:32   ` Heinz Diehl
2014-03-09 19:53     ` Milan Broz [this message]
2014-03-09 20:15       ` Arno Wagner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=531CC69E.8000300@gmail.com \
    --to=gmazyland@gmail.com \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.