[dm-crypt] Alternate KDFs (Key Derivation Functions) in cryptsetup

Mike mwra.mwra at gmail.com
Fri Jun 21 03:14:28 CEST 2013

Hey Milan,

Thanks for responding. I'll take a look at what different libraries are
available and see if I can incorporate them instead. Scrypt has been
published by the IETF in a standardized format (
http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01), but I believe it
is still in draft status. Thanks for considering any contributions, and
thanks for the great work you've done so far on cryptsetup.


On Tue, Jun 18, 2013 at 6:39 AM, Milan Broz <gmazyland at gmail.com> wrote:

> On 18.6.2013 1:47, Mike wrote:
> > Hi,
> >
> > I started some work on adding changes to the cryptsetup code to allow
> > for the use of different KDFs during key derivation, as it's a
> > feature I believe would be useful. I was thinking of adding both
> > bcrypt and scrypt as available alternative KDFs that the user may
> > choose from.  As I didn't wish to alter the current header structure,
> > if there's a different KDF used during format, that KDF would have to
> > be specified during volume open, as well any other relevant
> > operations.
> >
> > If I created a patch for all the changes and submitted them for
> > review, would there be an interest in incorporating them into the
> > main cryptsetup branch? I've already incorporated the scrypt
> > reference implementation into the cryptsetup codebase and confirmed
> > that the official test vectors match the output. I would also be
> > interested in helping out with any other updates that might need to
> > be made.
> Hi,
> if you used the latest code you can see that code is almost ready
> to add another KDF.
> So definitely there is a plan to add more KDFs in future as needed,
> if they are proven to be secure, idealy defined in some standard or RFC,
> but I would like to see more widely use before it can become part of main
> branch.
> Anyway, you can always post patches for testing.
> Please attach it to
> http://code.google.com/p/cryptsetup/issues/detail?id=119
> (or send it to this list if you do not want use Google account).
> But I definitely prefer if scrypt (or another KDF) is part of crypto
> library and
> cryptsetup uses just wrapper over this library.
> (PBKDF2 is implemented in core because of historic reasons and
> it is only fallback now - only if configured crypto backend doesn't
> provide PBKDF2, internal implementation is used. The same should apply
> for other KDF as well.)
> Thanks,
> Milan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20130620/b5bf1e85/attachment.html>

More information about the dm-crypt mailing list