[dm-crypt] MK Digest Size

Milan Broz mbroz at redhat.com
Sun Jul 10 20:17:04 CEST 2011

On 07/10/2011 06:29 PM, Jorge Fábregas wrote:
> I'm new to DM-Crypt/LUKS and I'm wondering why is it that, when I format
> a partition (luksFormat) using --hash sha256, I still get to see 20 HEX
> characters (160 bits) for the MK digest?  Shouldn't I see 32 HEX chars
> (256 bits)?   Or is that sha256 is used in the PBKDF2 process but the
> function is instructed to deliver just 160 bits?

Yes, it uses sha256 but only first 20 bytes is stored. This is limitation
of the current LUKS on-disk header (20 bytes was fixed length of SHA1).

MK digest is just for verification that decrypted key is correct,
20 bytes is enough for that.

> One final thing just to make sure:  is the algorithm that appears under
> "Hash spec" in the header..is this the same hash-algorithm used (along
> with PBKDF2) for the user-keys? as well as the one used with PBKDF2 for
> the MK digest?

Yes, hash algorithm in LUKS header is used in PBKDF2 and AF splitter.

> The man page says for the hash option:   ...used in LUKS key setup
> scheme and volume key digest.  So it appears that "Hash spec" is used
> for both...but then, I don't understand why I get just 160 bits when I
> specify sha256 :(

See above, header structure is fixed, change would mean binary incompatibility.
Only MK digest is limited here, in all other cases it uses real length of


More information about the dm-crypt mailing list