Re: sha256 in "AF hash" despite using sha512 during luksFormat

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Milan Broz <gmazyland@gmail.com>
To: "doffloster@gmail.com" <doffloster@gmail.com>
Cc: cryptsetup@lists.linux.dev
Subject: Re: sha256 in "AF hash" despite using sha512 during luksFormat
Date: Thu, 15 Sep 2022 16:17:29 +0200	[thread overview]
Message-ID: <aef47dfb-e253-114e-e4a1-fa6c4bf369f1@gmail.com> (raw)
In-Reply-To: <CACHosL_rLDJss0N1rmszEEtsaxpTdXwV9mXHbTNMWO62AauYTQ@mail.gmail.com>

On 10/09/2022 14:53, doffloster@gmail.com wrote:
> 
> Do you mean that the choice of 'sha512' for the flag '--hash' is
> reducing the security strength?
>  From what I could understand, it shouldn't reduce the security strength.

No, I said it will not increase security (while it can increase processing
time and keyslot storage space).

> I executed "cryptsetup --help" and found that the following default
> values are defined:
> 
> "
> Default compiled-in key and passphrase parameters:
...

> As far as I understand, for LUKS2 the default PBKDF algorithm is
> 'argon2id' and default hash is 'sha256'.
> So, I only changed the default hash to 'sha512' by using the flag
> '--hash', though I didn't change the PBKDF algorithm, so it should
> stay the default value, i.e. 'argon2id'.

Yes, it is visible in the luksDump output.
SHA hash was used only for AF for that keyslot.

> Also, I didn't find any mention of the 'Blake64b' hash.

Sorry, my mistake, I meant Blake2b; it uses 64bit words.

See Argon2 RFC:
https://www.rfc-editor.org/rfc/rfc9106.html


Milan

next prev parent reply	other threads:[~2022-09-15 14:17 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-09 22:50 sha256 in "AF hash" despite using sha512 during luksFormat doffloster
2022-09-10  5:25 ` Milan Broz
2022-09-10  7:26   ` doffloster
2022-09-10  9:21     ` Michael Kjörling
2022-09-10 10:28     ` Milan Broz
2022-09-10 12:53       ` doffloster
2022-09-15 14:17         ` Milan Broz [this message]
2022-09-17 18:15           ` doffloster
2022-09-10 10:34 ` Milan Broz
2022-09-10 12:56   ` doffloster

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aef47dfb-e253-114e-e4a1-fa6c4bf369f1@gmail.com \
    --to=gmazyland@gmail.com \
    --cc=cryptsetup@lists.linux.dev \
    --cc=doffloster@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.