[dm-crypt] Plain hashing algorithm

Arno Wagner arno at wagner.name
Tue Dec 9 16:45:05 CET 2014

On Tue, Dec 09, 2014 at 15:33:45 CET, John Lane wrote:
> Just trying to satisfy my curiosity... hope that's ok...
> When I do plain mode I can specify a hash or accept the default, ripemd160.
> That isn't the full story, however, as the hash (160 bits) is stretched
> to the key size (256 bits).
> I've checked the source and can see the algorithm in the code
> (crypt_plain.c#30-62).
> I don't fully understand it but just wondered if that's some standard
> alg similar PBKDF2 (which it isn't) or something specifc to cryptsetup?

You mean the stretching?

Generally, stretching keys for a block-cipher is non-critical 
and you could just fill the key up with zeros. For a tiny bit 
more in security, you usually pad with something non-zero. You 
can also add a bit of iteration, hash in key-lengh, positions, etc. 

As long as you do not mess this up, you can only make the result 
stronger, not weaker. 
> I'm also curious about the "hack from hashalot". By googling that phrase
> I find it's been copied into a number of other things.

Probably something hashalot did first. My guess is that 
it was taken as hashalot has been around for some time and
has gotten some attention, and hence is less likely to 
have some flaw in this. 


> Like I said, just curious.
> Thanks,
> John
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

More information about the dm-crypt mailing list