[dm-crypt] [ANNOUNCE] cryptsetup 1.6.4

Arno Wagner arno at wagner.name
Sat Mar 1 20:44:24 CET 2014


On Sat, Mar 01, 2014 at 17:50:25 CET, Heinz Diehl wrote:
> On 01.03.2014, Milan Broz wrote: 
> 
> > (I would say - this is a good lesson to think why there are safe defaults
> > and why you should not change encryption parameters without good reason :-)
> 
> It's not always the facts which leads to action, but the peoples
> assumptions and beliefs. After all, there's a general disbelief in all
> things the NSA put their fingers on. That said, it is not hard for me
> to understand what people moves to use whirlpool over SHAx..

Which leads to its own set of problems, as recently seen...

The advice is not to change crypto parameters unless you
really know what you are doing. Most people do not and make
matters worse. The only thing we can try to do heres is to 
explain, as, e.g., FAQ Item 5.20 "LUKS is broken! It uses SHA-1!"
tries to do. Just changing some things with no clear understanding 
why they may or may not be bad is worse than running with the 
defaults. 

Face it, unless you are an experty for the use of crypto,
you have no chance of coocking up your own parameter set
that is reliably "better", but have a good chance of making 
things worse.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato


More information about the dm-crypt mailing list