[dm-crypt] MK Digest Size

Jorge Fábregas jorge.fabregas at gmail.com
Sun Jul 10 18:59:51 CEST 2011

On 07/10/2011 12:29 PM, Jorge Fábregas wrote:
> I still get to see 20 HEX characters (160 bits) for the MK digest?  

I'm sorry.  I meant 20 pairs of HEX characters (40 chars) as they appear
nicely formatted in the luksDump output.

> Shouldn't I see 32 HEX chars (256 bits)?   

Same here (64 hex characters ).

> Or is that sha256 is used in the PBKDF2 process but the function is 
> instructed to deliver just 160 bits?

Ok, I'm going to try to answer myself as I just read again the latest
specification.  It appears this is the case (just 160 bits even if you
use sha256) because there are just 20 bytes available for "mk-digest" in
the header.

I'm just curious:  is having just 20 bytes for the digest a limitation
here?  Are there any plans to expand this field in the future?

> One final thing just to make sure:  is the algorithm that appears under
> "Hash spec" in the header..is this the same hash-algorithm used (along
> with PBKDF2) for the user-keys? as well as the one used with PBKDF2 for
> the MK digest?

Apparently yes.

Sorry for the noise!


More information about the dm-crypt mailing list