From: "shmick@riseup.net" <shmick@riseup.net>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Few questions from a new user
Date: Fri, 10 Jan 2014 01:58:18 +1100 [thread overview]
Message-ID: <52CEB90A.1030908@riseup.net> (raw)
In-Reply-To: <CAFnMBaSrO=UXS8FCVA5xVcEha2f++u8ryP94kwGEq=VpOCHoZw@mail.gmail.com>
.. ink ..:
> On Thu, Jan 9, 2014 at 1:51 AM, Arno Wagner <arno@wagner.name> wrote:
>
>> Hi Konrad,
>>
>> On Wed, Jan 08, 2014 at 23:35:42 CET, Konrad wrote:
>>> I am new to disk encryption and I have been reading on it for the
>>> last days, but I am still confused on some points. I would
>>> appreciate if someone knowledgeable could clue me in.
>>
>> If you have not found it yet, the FAQ is at
>> http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
>>
>>> 1. Is SHA1 just as secure for this purpose as SHA512? After reading
>>> cryptsetup docs I have a feeling that yes, but I get conflicting
>>> opinions from various people, so I thought it's best ask at the
>>> source.
>>
>> It is. These "various people" likely do not understand what the
>> attacks on SHA1 actually are but merely heard that it was "insecure".
>> See also FAQ Item 5.20
>>
>>
> We live in the world of twitter where you automatically loose when you need
> to explain yourself.
you might - not everybody else does
>
> More and more of this type of question will start to show up and this
> inquiry just showed an explanation in the FAQ is not enought to offer
> assurance and giving an answer each and every time here will get boring
> pretty soon and rudeness will ensue.
wouldn't need to if one slows down, takes a cup of coffee and read
elsewhere on the big old internet
patience is a virtue; you won't be secure if you're in a hurry
>
> Whats the worse that could happen if the default is switched to SHA2?If it
> makes no practical difference,then switching seem to be a better
> alternative just to silence these kind of questions as their existence puts
> doubt in cryptsetup's security robustness.
you don't have to use defaults - you're free to do what you like
but show us that defaults are not safe; please do
>
>
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>
next prev parent reply other threads:[~2014-01-09 15:07 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-08 22:35 [dm-crypt] Few questions from a new user Konrad
2014-01-09 6:51 ` Arno Wagner
2014-01-09 11:22 ` .. ink ..
2014-01-09 14:58 ` shmick [this message]
2014-01-10 5:04 ` Arno Wagner
2014-01-10 5:00 ` Arno Wagner
-- strict thread matches above, loose matches on Subject: below --
2014-01-10 14:31 Arno Wagner
2014-01-10 15:33 ` .. ink ..
2014-01-10 16:36 ` Arno Wagner
2014-01-10 16:08 ` Milan Broz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52CEB90A.1030908@riseup.net \
--to=shmick@riseup.net \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox