* [dm-crypt] LUKS --hash vs. --cipher whatever:hash
@ 2011-02-18 17:59 Eric Bauman
2011-02-18 19:42 ` Milan Broz
0 siblings, 1 reply; 3+ messages in thread
From: Eric Bauman @ 2011-02-18 17:59 UTC (permalink / raw)
To: dm-crypt
Hello,
I'm interested in the difference between, --hash sha256 and --cipher
whatever:sha256.
Couldn't find anything in The Fine Manual, so any pointers in the right
direction would be much appreciated.
Thanks,
Eric
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] LUKS --hash vs. --cipher whatever:hash
2011-02-18 17:59 [dm-crypt] LUKS --hash vs. --cipher whatever:hash Eric Bauman
@ 2011-02-18 19:42 ` Milan Broz
2011-02-19 18:39 ` Eric Bauman
0 siblings, 1 reply; 3+ messages in thread
From: Milan Broz @ 2011-02-18 19:42 UTC (permalink / raw)
To: Eric Bauman; +Cc: dm-crypt
On 02/18/2011 06:59 PM, Eric Bauman wrote:
> I'm interested in the difference between, --hash sha256 and --cipher
> whatever:sha256.
Hi,
For LUKS mode (luksFormat / luksOpen):
--hash is for LUKS header hash (by default is it sha1), IOW the hash
used for anti-forensic splitter and volume key obfuscation (passphrase
is used to unlock LUKS keyslots whe is volume key stored. Volume
key is always generated from random generator during format.)
sha256 in cipher specification is useful only for ESSIV initialization vector.
e.g. aes-cbc-essiv:sha256 - means cipher AES in CBC mode and with ESSIV
initialization vector which uses sha256 (IV is derived from key using
sha256 hash).
(For othes modes, like XTS, you do not need to use ESSIV because
the problem of predictable IV is solved by mode itself - so you can have
e.g. aes-xts-plain64. For LUKS header you must use some hash always.
It is part of the specification - for more info see project pages
http://code.google.com/p/cryptsetup/ - specification bookmark.)
For plain mode (cryptsetup create command):
--hash means which hash alg. will be used to generate key.
(passphrase is hashed and its output is directly used as key).
cipher specification is the same as in LUKS mode.
Milan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] LUKS --hash vs. --cipher whatever:hash
2011-02-18 19:42 ` Milan Broz
@ 2011-02-19 18:39 ` Eric Bauman
0 siblings, 0 replies; 3+ messages in thread
From: Eric Bauman @ 2011-02-19 18:39 UTC (permalink / raw)
To: dm-crypt
Thanks for the replies.
On 19/02/2011, Milan Broz wrote:
> --hash is for LUKS header hash (by default is it sha1), IOW the hash
> used for anti-forensic splitter and volume key obfuscation (passphrase
> is used to unlock LUKS keyslots whe is volume key stored. Volume
> key is always generated from random generator during format.)
Is there any benefit to hash size / algorithm strength? It seems like
afsplitter will ensure the split key is the required length regardless
of the hash output.
> sha256 in cipher specification is useful only for ESSIV initialization vector.
> e.g. aes-cbc-essiv:sha256 - means cipher AES in CBC mode and with ESSIV
> initialization vector which uses sha256 (IV is derived from key using
> sha256 hash).
Does using sha256 over some other hash outputting only 128 bits offer
any practical benefit, other than decreasing the likelyhood of two IVs
being the same?
> It is part of the specification - for more info see project pages
> http://code.google.com/p/cryptsetup/ - specification bookmark.)
Thanks for the link, interesting reading.
Thanks,
Eric
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-02-19 18:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-18 17:59 [dm-crypt] LUKS --hash vs. --cipher whatever:hash Eric Bauman
2011-02-18 19:42 ` Milan Broz
2011-02-19 18:39 ` Eric Bauman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox