From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mail.saout.de (Postfix) with ESMTP for ; Tue, 22 Sep 2009 17:47:03 +0200 (CEST) Message-ID: <4AB8F174.2010800@redhat.com> Date: Tue, 22 Sep 2009 17:47:00 +0200 From: Milan Broz MIME-Version: 1.0 References: <200909182039.44953.dmcrypt-list@tpesonen.net> <4AB3CE76.5040502@redhat.com> <200909182318.26032.dmcrypt-list@tpesonen.net> <200909221808.28418.dmcrypt-list@tpesonen.net> In-Reply-To: <200909221808.28418.dmcrypt-list@tpesonen.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Question on LUKS master key digest and its effect on security List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Tero Pesonen Cc: dm-crypt@saout.de Tero Pesonen wrote: > Since there have been no comments on this, I was wondering if I should > rather send questions of this sort on scri.crypt or some such place > where these kind of topics are discussed? If so, is the iteration count > 10 for the PBKDF2 correct? (So that I am able to formulate my question > right and not pass on wrong information.) Yes, 10 is currently hardcoded: // Numbers of iterations for the master key digest #define LUKS_MKD_ITER 10 If you need Clemens' formal LUKS specification it is here http://cryptsetup.googlecode.com/svn-history/r42/wiki/LUKS-standard/on-disk-format.pdf Please cc me if you receive analysis in reply, thanks. (And btw independent code review to find possible implementation mistakes is always welcomed too, mainly now after reimplementation PBKDF2 and AF to use gcrypt and allowing other hash algorithms:-) Milan -- mbroz@redhat.com