From: Milan Broz <mbroz@redhat.com>
To: Philipp Deppenwiese <zaolin@das-labor.org>
Cc: Liste Cryptsetup <dm-crypt@saout.de>
Subject: Re: [dm-crypt] New Luks Format Specification (1.3)
Date: Wed, 01 Feb 2012 10:23:40 +0100 [thread overview]
Message-ID: <4F29049C.3050205@redhat.com> (raw)
In-Reply-To: <A4B905E0-1D6B-43A9-8703-01F8887986C8@das-labor.org>
On 02/01/2012 08:59 AM, Philipp Deppenwiese wrote:
> Up to now we still use SHA-1 as default algorithm for PBKDF2
> in luks.
Firstly, thank you for sending to the list where it can be
properly discussed.
For others, I guess this originates in
http://code.google.com/p/cryptsetup/issues/detail?id=119
As you know, SHA1 is not hardcoded anymore, you can use whatever
has algorithm you want and is supported in crypto library.
Arno and others will surely comment here issue of PBKDF2 use.
> The next problem is the excessive use of parallel
> bruteforcing systems like ASIC, FPGA or GPUGPU technology. A new key
> derivation function is needed in order to raise the complexity of
> bruteforce attacks against the luks key derivation function.
This is just your statement, please provide facts supporting it.
> If someone sends me the *.tex file of the luks specification, i will
> update and post it for review.
tex file is in svn. But changing LUKS header definitely doesn't work
this random way.
Please discuss your ideas, provide theoretical background, send a patch
and if there is real problem to solve, I am sure it will become
part of code.
Thanks,
Milan
prev parent reply other threads:[~2012-02-01 9:23 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-01 7:59 [dm-crypt] New Luks Format Specification (1.3) Philipp Deppenwiese
2012-02-01 8:19 ` Arno Wagner
2012-02-01 9:23 ` Milan Broz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F29049C.3050205@redhat.com \
--to=mbroz@redhat.com \
--cc=dm-crypt@saout.de \
--cc=zaolin@das-labor.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox