[dm-crypt] question regarding Sha1 and 512 bit key xts mode

anderson jackson thewizard at mighty.co.za
Wed Dec 11 17:31:13 CET 2013

In the faq it is said that the use of sha1 for the purpose used in Luks is
valid because it is not the cryptographic feature that is used but instead the
time delay for retreaving the master key. 

However is this really the case? The output of Sha1 is a 160 bit string.
A password is iterated using PBKDF2(with sha1). But can't I just use all the
possible sha1 values to decrypt the master key and validate it with the master
key checksum? Does this not effectively reduce the possible passwords for an
AES 256 bit volume to a password of 160 bit length?

Kind regards,

South Africas premier free email service - www.webmail.co.za 

Slim now! Pay later! http://clients.wm.co.za/20086125/default.htm

More information about the dm-crypt mailing list