[dm-crypt] question regarding Sha1 and 512 bit key xts mode

Sven Eschenberg sven at whgl.uni-frankfurt.de
Sun Aug 23 22:21:28 CEST 2015

Maybe I got a misconception here.

But if I remember correctly:

In case of auth, a collision might get you authed, in LUKS a collission
gets you past the candidate check, but a mere collision without hitting
the correct key, results in gibberish during decryption.

If I am wrong, please correct me here...

I was not really discussing the "excact" procedure of hashing in
cryptsetup here, but maybe I slipped on something?



P.S.: It's been a while since I read the source of cryptsetup ;-).

On Sun, August 23, 2015 21:38, Arno Wagner wrote:
> On Sun, Aug 23, 2015 at 20:51:42 CEST, Sven Eschenberg wrote:
>> On Sat, August 22, 2015 05:38, Heinz wrote:
>> > Arno Wagner <arno at ...> writes:
>> >
>> >> No, that is not the statement. The statement is that collision
>> attacks
>> >> (the SHA1-weakness) are irrelevant for password hasing.
>> >
>> > Or in other words, SHA1 is secure in this case. But why not always use
>> the
>> > best possible hash algorithm, instead of an option which is at least
>> safe?
>> > I would logically use always the strongest one, purely as a
>> precaution,
>> > and
>> > not what has already demonstrated weaknesses of any kind. I would not
>> want
>> > to wait if SHA1 really holds a long time. :)
>> Sorry to intervene here. Hashing in LUKS is only used to check if a
>> password/passphrase is a candidate. So, even if you manage to find a
>> collision, the worst that can happen is, that LUKS accepts the
>> 'collisison' as valid key and you'll get gibberish on the mapping. Your
>> encrypted data will be useless 'random' data and is not compromised
>> then.
> I seem to remember that PBKDF2 gets the hash discussed (SHA1) as input
> and also that the AF splitter uses it. Still not an issue.
> Arno
> --
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D
> 9718
> ----
> A good decision is based on knowledge and not on numbers. -- Plato
> If it's in the news, don't worry about it.  The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

More information about the dm-crypt mailing list