Bug#387159: [Pkg-cryptsetup-devel] Bug#387159: cryptsetup: compulsory
hashing in luks format
David Härdeman
david at hardeman.nu
Fri Nov 10 23:46:42 CET 2006
tags 387159 +wontfix
thanks
On Tue, Sep 12, 2006 at 05:27:57PM +0100, Dennis Furey wrote:
>My key is manually generated in binary by a random physical process
>and memorized as a hexadecimal number, so I have nothing to gain but
>maybe something to lose by hashing it. I have patched cryptsetup to
>pay attention to the plain hash option when using LUKS format, and to
>refrain from hashing the password in that case, provided that the
>password is given as a hexadecimal number of the right length.
>
>I appreciate that using passwords that are secure but difficult to
>remember could cause trouble for some people. Other than that, there
>should be no breakage for anyone because there was previously no
>reason to use the plain hash option for LUKS format. Backward
>compatibility can be retained by continuing not to use it. I hope you
>like my patch. Feel free to send it upstream.
I've already discussed this feature with upstream some time ago for
similar purposes and he was not willing to accept such a change. I don't
think we should carry such a patch when upstream does not agree.
You still have the option of using regular dm-crypt without hashing
though.
If you'd still like to see this change applied, I suggest you discuss
it directly with the upstream author - Clemens Fruhwirth
(<clemens at endorphin.org>, http://clemens.endorphin.org/)
--
David Härdeman
More information about the Pkg-cryptsetup-devel
mailing list