[dm-crypt] Few questions from a new user

Arno Wagner arno at wagner.name
Fri Jan 10 06:00:42 CET 2014


On Thu, Jan 09, 2014 at 12:22:08 CET, .. ink .. wrote:
> On Thu, Jan 9, 2014 at 1:51 AM, Arno Wagner <arno at wagner.name> wrote:
[...]
> > It is. These "various people" likely do not understand what the
> > attacks on SHA1 actually are but merely heard that it was "insecure".
> > See also FAQ Item 5.20
> >
> >
> We live in the world of twitter where you automatically loose when you need
> to explain yourself.

Only apparently. You do not get security without understanding what
you are doing. The "twittiots" (just created that myself, but I 
do not claim originality ;-) have already lost here and nothing is
going to save them. Insignt and care cannot be replaces by anything
else. 

> More and more of this type of question will start to show up and this
> inquiry just showed an explanation in the FAQ is not enought to offer
> assurance and giving an answer each and every time here will get boring
> pretty soon and rudeness will ensue.

The FAQ is not read by most people. I am aware of that. Occasionally
I get feedback from people that are really glad to have found it though.

The primary use of the FAQ is to make an answer brief: 
   "See FAQ Item 5.20".

The secondary use is "I told you so" when yest somebody again manages 
to destroy their data becasue they have not bothered to find out how
to handle LUKS right. 

The tertiary use is for the few that are aware that this is difficult
and actually read the FAQ before messing up. 
 
> Whats the worse that could happen if the default is switched to SHA2?

Complete breakdown. The LUKS header does not support a hash-spec
in this place at the moment, so it would need to be done via
some kind of dirty hack. Also, SHA2 may not actually be much
more secure than SHA1. It is usually only recommended as 
intermediate solution until SHA-3 becomes available. As the
NSA seems to have messed with SHA-3, that might take a while.

> If it makes no practical difference,then switching seem to be a better
> alternative just to silence these kind of questions as their existence
> puts doubt in cryptsetup's security robustness.

It does make a significant practical difference with regard to
the software engineering aspects.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare


More information about the dm-crypt mailing list