From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glkdd-dm-crypt@m.gmane.org>
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Wed, 26 Aug 2015 14:52:06 +0200 (CEST)
Received: from list by plane.gmane.org with local (Exim 4.69)
 (envelope-from <glkdd-dm-crypt@m.gmane.org>) id 1ZUaBJ-0003VS-Rz
 for dm-crypt@saout.de; Wed, 26 Aug 2015 14:51:57 +0200
Received: from HSI-KBW-149-172-137-137.hsi13.kabel-badenwuerttemberg.de
 ([149.172.137.137])
 by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00
 for <dm-crypt@saout.de>; Wed, 26 Aug 2015 14:51:57 +0200
Received: from wurzelsepp1337 by
 HSI-KBW-149-172-137-137.hsi13.kabel-badenwuerttemberg.de with local (Gmexim
 0.1 (Debian)) id 1AlnuQ-0007hv-00
 for <dm-crypt@saout.de>; Wed, 26 Aug 2015 14:51:57 +0200
From: Heinz <wurzelsepp1337@web.de>
Date: Wed, 26 Aug 2015 12:51:48 +0000 (UTC)
Message-ID: <loom.20150826T143643-652@post.gmane.org>
References: <b9d3bc6d617a859589e1a93a5c65af85@www.mighty.co.za>
 <20131211180419.GA13829@tansi.org> <loom.20150822T042840-431@post.gmane.org>
 <20150822135843.GA1028@tansi.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] question regarding Sha1 and 512 bit key xts mode
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Arno Wagner <arno@...> writes:

> SHA1 is a "best possible" for this case. Seriously.

Okay. I always strive to understand, and i'm interested in the respective
backgrounds.

> Not to "break" it. To reverse it in one instance.
> To break it, you have to compute that table.

Okay probably not so simple.

> > Okay respect brute-force attacks is a key space of 16^128 in fact
> > impossible, but why not exploit the maximum of what is possible? :)
> 
> Simplicity, use of well-knonw components, prevention of 
> over-engineering. All well known and valuable engineering 
> practices. Also note that in order to change the hash,
> code has to be changed and that comes with the risk of 
> introducing bugs. "If it aint broke, don't fix it" is
> another very important engineering principle.
> 
> Listen, I can understand your view. Every budding crypto-nerd
> goes through it, and I certainly have. But it is something 
> you eventually grow out of when you understand the larger 
> picture.
> 
> Regards,
> Arno
> 

No problem, i understand what you wanted to tell me, and can understand that
you should definitely consider again the overall picture.

Thanks.