From: Eric Bauman
Date: Sun, 20 Feb 2011 05:39:18 +1100
Subject: Re: [dm-crypt] LUKS --hash vs. --cipher whatever:hash
To: dm-crypt@saout.de
In-Reply-To: <4D5ECBC2.1060302@redhat.com>

Thanks for the replies.

On 19/02/2011, Milan Broz wrote:
> --hash is for LUKS header hash (by default it is sha1), IOW the hash
> used for anti-forensic splitter and volume key obfuscation (passphrase
> is used to unlock LUKS keyslots where volume key is stored. Volume
> key is always generated from random generator during format.)

Is there any benefit to hash size / algorithm strength? It seems like
afsplitter will ensure the split key is the required length regardless
of the hash output.

> sha256 in cipher specification is useful only for ESSIV initialization vector.
> e.g. aes-cbc-essiv:sha256 - means cipher AES in CBC mode and with ESSIV
> initialization vector which uses sha256 (IV is derived from key using
> sha256 hash).

Does using sha256 over some other hash outputting only 128 bits offer
any practical benefit, other than decreasing the likelihood of two IVs
being the same?

> It is part of the specification - for more info see project pages
> http://code.google.com/p/cryptsetup/ - specification bookmark.)

Thanks for the link, interesting reading.

Thanks,
Eric
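
Added example, not part of the original message and not cryptsetup's own code: a Python sketch of the anti-forensic splitter discussed above, written from the AF-splitter description in the LUKS on-disk format specification. It shows how the diffusion step pads or truncates per-chunk digests so the split material always matches the key length, whichever --hash is chosen. The function names, the 32-byte key and the 4000-stripe count are assumptions made for the illustration.

```python
import hashlib
import os
import struct


def diffuse(block: bytes, hash_name: str) -> bytes:
    """Hash-based diffusion; the output is always len(block) bytes."""
    dlen = hashlib.new(hash_name).digest_size
    out = bytearray()
    for off in range(0, len(block), dlen):
        chunk = block[off:off + dlen]
        # Each chunk is hashed behind a big-endian 32-bit chunk counter;
        # the digest is truncated when the chunk is shorter than the digest.
        prefix = struct.pack(">I", off // dlen)
        out += hashlib.new(hash_name, prefix + chunk).digest()[:len(chunk)]
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def af_split(key: bytes, stripes: int, hash_name: str) -> bytes:
    """Expand key into stripes * len(key) bytes of split material."""
    d = bytes(len(key))
    material = bytearray()
    for _ in range(stripes - 1):
        stripe = os.urandom(len(key))
        material += stripe
        d = diffuse(xor(d, stripe), hash_name)
    material += xor(d, key)  # last stripe carries the key, masked by d
    return bytes(material)


def af_merge(material: bytes, key_len: int, stripes: int, hash_name: str) -> bytes:
    """Recover the key; every stripe must be intact for this to succeed."""
    d = bytes(key_len)
    for i in range(stripes - 1):
        d = diffuse(xor(d, material[i * key_len:(i + 1) * key_len]), hash_name)
    return xor(d, material[(stripes - 1) * key_len:stripes * key_len])


def demo(stripes: int = 4000) -> dict:
    key = os.urandom(32)  # constructed 256-bit volume key
    result = {}
    for name in ("sha1", "sha256", "sha512"):
        material = af_split(key, stripes, name)
        result[name] = (len(material), af_merge(material, 32, stripes, name) == key)
    return result


if __name__ == "__main__":
    print(demo())
```

The digest size only changes how the block is chunked inside diffuse(); the length of the split material depends on the key length and stripe count alone.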