From: Milan Broz <mbroz@redhat.com>
To: Tero Pesonen <dmcrypt-list@tpesonen.net>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] Question on LUKS master key digest and its effect on security
Date: Fri, 18 Sep 2009 20:16:22 +0200
Message-ID: <4AB3CE76.5040502@redhat.com>
In-Reply-To: <200909182039.44953.dmcrypt-list@tpesonen.net>
Tero Pesonen wrote:
> from the digest output. Now if it is true that the LUKS master key
> digest is truly the SHA-1 derived digest of the master key, then to me
> it seems the LUKS-dm-crypt security relies on this weak point, not on
> the AES-128, for example. I guess I must be wrong here?
Note that hash verification is not applied directly to the master key, but to
the result of PBKDF2 (with DigestKey iterations), where the master key is only the input.
See LUKS_verify_master_key() in the code to verify that.
Please read the archive of this list; an explanation that SHA-1 is not a problem is
here: http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/3300
> I tried, nevertheless, to create a new LUKS partition with a different
> hash spec, but despite what I provided for the --hash=HASH (e.g.
> SHA256) it always created a partition with hash spec SHA1 (and hence a
> 20 HEX chars long digest.)
Yes, it was hardcoded to use sha1. But it is no longer true anyway.
Using another hash (all algorithms provided by libgcrypt) is already
implemented in the devel code.
There are only 20 bytes in the LUKS header for digest verification,
so the final verification of the digest uses only the first 160 bits, but it is
not a security problem.
(And I'll release a testing version with this code soon.)
Milan
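The check described in the reply above, as an added example that is not part of the original message and is not cryptsetup's code: the stored digest is PBKDF2 output computed over the master key, cut to the 20 bytes the header reserves. The function names are hypothetical, and the key, salt and iteration count are constructed sample values.

```python
import hashlib
import hmac

DIGEST_BYTES = 20  # the header has room for 20 bytes (160 bits) of digest

# Constructed sample values, not taken from any real LUKS header.
SAMPLE_MASTER_KEY = bytes(range(16))          # 128-bit key, e.g. for AES-128
SAMPLE_SALT = bytes(range(100, 132))          # per-header digest salt
SAMPLE_ITERATIONS = 1000                      # stands in for the DigestKey iterations


def mk_digest(master_key, salt, iterations, hash_spec="sha1"):
    """PBKDF2-HMAC over the master key, keeping only the first 20 bytes.

    With a longer hash such as SHA-256 the PBKDF2 output is simply
    truncated to the 160 bits that fit in the header field.
    """
    return hashlib.pbkdf2_hmac(hash_spec, master_key, salt, iterations,
                               dklen=DIGEST_BYTES)


def verify_master_key(candidate, salt, iterations, stored_digest,
                      hash_spec="sha1"):
    """Recompute the digest for a candidate key and compare in constant time."""
    computed = mk_digest(candidate, salt, iterations, hash_spec)
    return hmac.compare_digest(computed, stored_digest)


def demo():
    stored = mk_digest(SAMPLE_MASTER_KEY, SAMPLE_SALT, SAMPLE_ITERATIONS)
    wrong_key = bytes(16)
    return {
        "correct_key_accepted": verify_master_key(
            SAMPLE_MASTER_KEY, SAMPLE_SALT, SAMPLE_ITERATIONS, stored),
        "wrong_key_accepted": verify_master_key(
            wrong_key, SAMPLE_SALT, SAMPLE_ITERATIONS, stored),
        # The header field is not a bare SHA-1 of the key.
        "equals_plain_sha1": stored == hashlib.sha1(SAMPLE_MASTER_KEY).digest(),
        "digest_hex": stored.hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```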