From Fedora Project Wiki

(cryptsetup-luks seems not to support anything else than SHA1 for luks volumes)
 
No edit summary
 
Line 6: Line 6:
</code>
</code>
Therefore it seems not to be possible to use SHA256 with LUKS currently. --[[User:Till|Till]] 17:51, 31 March 2009 (UTC)
Therefore it seems not to be possible to use SHA256 with LUKS currently. --[[User:Till|Till]] 17:51, 31 March 2009 (UTC)
: SHA-1 inside HMAC is good enough for me (and NIST.gov); the configuration example using <code>-h</code> refers to <code>cryptsetup create</code>, i.e. "raw" dm-crypt, not LUKS. [[User:Mitr|Mitr]] 18:02, 31 March 2009 (UTC)

Latest revision as of 18:02, 31 March 2009

From the cryptsetup manpage:

NOTES ON PASSWORD PROCESSING FOR LUKS

      LUKS uses PBKDF2 to protect against dictionary attacks (see RFC 2898).  LUKS will always use SHA1 in HMAC mode, and no  other  mode  is  supported  at  the moment.  Hence, -h is ignored.

Therefore it seems not to be possible to use SHA256 with LUKS currently. --Till 17:51, 31 March 2009 (UTC)

SHA-1 inside HMAC is good enough for me (and NIST.gov); the configuration example using -h refers to cryptsetup create, i.e. "raw" dm-crypt, not LUKS. Mitr 18:02, 31 March 2009 (UTC)