[dm-crypt] Few questions from a new user

shmick at riseup.net shmick at riseup.net
Thu Jan 9 15:58:18 CET 2014



.. ink ..:
> On Thu, Jan 9, 2014 at 1:51 AM, Arno Wagner <arno at wagner.name> wrote:
> 
>> Hi Konrad,
>>
>> On Wed, Jan 08, 2014 at 23:35:42 CET, Konrad wrote:
>>> I am new to disk encryption and I have been reading on it for the
>>> last days, but I am still confused on some points. I would
>>> appreciate if someone knowledgeable could clue me in.
>>
>> If you have not found it yet, the FAQ is at
>> http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
>>
>>> 1. Is SHA1 just as secure for this purpose as SHA512? After reading
>>> cryptsetup docs I have a feeling that yes, but I get conflicting
>>> opinions from various people, so I thought it's best ask at the
>>> source.
>>
>> It is. These "various people" likely do not understand what the
>> attacks on SHA1 actually are but merely heard that it was "insecure".
>> See also FAQ Item 5.20
>>
>>
> We live in the world of twitter where you automatically loose when you need
> to explain yourself.

you might - not everybody else does

> 
> More and more of this type of question will start to show up and this
> inquiry just showed an explanation in the FAQ is not enought to offer
> assurance and giving an answer each and every time here will get boring
> pretty soon and rudeness will ensue.

wouldn't need to if one slows down, takes a cup of coffee and read
elsewhere on the big old internet

patience is a virtue; you won't be secure if you're in a hurry

> 
> Whats the worse that could happen if the default is switched to SHA2?If it
> makes no practical difference,then switching seem to be a better
> alternative just to silence these kind of questions as their existence puts
> doubt in cryptsetup's security robustness.

you don't have to use defaults - you're free to do what you like

but show us that defaults are not safe; please do


> 
> 
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 


More information about the dm-crypt mailing list