From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <thomas@archlinux.org>
Received: from gerolde.archlinux.org (gerolde.archlinux.org [66.211.214.132])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Wed, 12 Feb 2014 15:30:15 +0100 (CET)
Received: from [134.61.164.204] (164-204.eduroam.rwth-aachen.de
 [134.61.164.204])
 by gerolde.archlinux.org (Postfix) with ESMTPSA id BCFA490233
 for <dm-crypt@saout.de>; Wed, 12 Feb 2014 09:30:14 -0500 (EST)
Message-ID: <52FB8572.7030408@archlinux.org>
Date: Wed, 12 Feb 2014 15:30:10 +0100
From: =?ISO-8859-15?Q?Thomas_B=E4chler?= <thomas@archlinux.org>
MIME-Version: 1.0
References: <CAHeB2AkF00MADGMEbypPnVcenKa-NeVbaMbRMQjcP1r2QvmPOA@mail.gmail.com>
 <20140212141908.GA9017@tansi.org>
In-Reply-To: <20140212141908.GA9017@tansi.org>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="0b3Bh0IG6aiHtjKIXnw3R2llHj6oIE9UP"
Subject: Re: [dm-crypt] Some questions about cryptsetup 1.6.x
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--0b3Bh0IG6aiHtjKIXnw3R2llHj6oIE9UP
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

Am 12.02.2014 15:19, schrieb Arno Wagner:
> -h is the hash that the plain-text password is put through
> to turn it into a binary value of certain defined length.
> -c specifies the hash that goes into pbkdf2 for the hash
> iteration.

Are you sure?

I was under the impression that '-c' only affects the cipher parameter
passed to dm-crypt - a hash would then be relevant for cipher modes like
cbc-essiv, but xts-plain64 would ignore it. Thus, cryptsetup has default
like 'aes-cbc-essiv:sha256', since essiv needs a hash, and
aes-xts-plain64, since xts does not need a hash.

According to the manpage, -h is what is used in PBKDF2 in luksFormat
mode, or to hash the passphrase in plain mode.

To me, this makes much more sense than what you said.



--0b3Bh0IG6aiHtjKIXnw3R2llHj6oIE9UP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJS+4V1AAoJEChPw0yOSxol3sgQANETYAsfc6k7cWhagqNNwJXv
C9vWVFmt0gwnWMzZQXGUfUdaghNNc9RapeXfJfWU3b2URTshSEVNXU+0k8WWPzDq
mKAlthVRYRWBeGEEuZ1HcbC9bfAn4TSGrddtRu7D3hTTpa1/CeS6+OdEsOC/TQVD
hZfCjS5NwlTwLkx53IRTLWixqC1LGY2OCzWaXPIZaqBuxwjUfKCogMyra6Iowz75
4w7UJgfG0X69muTeP0r1rLKCkaq/gZKglUi1g3FkFEfO6FgutSZkxahPKMcHI89U
yKdKom1OTkFpoNTvTRFako+CQK+EEve1CcYUdDNksrvArBbmK6dXZsJa18590KR2
ei1PTI1Cmrl6pXa0dOgVPXT/afhUXG/r2WI/3e0/qnM5TmlNJJiooVeuYyqYRgdQ
xpBbj5Xzr/MWHypOXMx2CWzYr6zm2bfiEYUNL3Sy/29lTxeR8S/jD8fcIOgOuWhj
bKGN3MAqVA9nf24nxnbGYtQTp8ssIVCCOJqLv0rqFs8LRMFOi+YGEdFQYlg0OHgl
6LIl2qgBbA619lPIuFD/gXzR1SExskfq0cZQjiohZsRC3vTn/adIXmxcUbz8rQWs
8UClgdnINkaS3KirpSpCJBHEghx91iv4XL3zQKjBT8G/f100Bu70r1ZHrCizikLA
uknOCs88E5nbSCXZXGq1
=4xS3
-----END PGP SIGNATURE-----

--0b3Bh0IG6aiHtjKIXnw3R2llHj6oIE9UP--