On 02/02/2014 03:20 AM, Brian Knoll wrote: > Public bug reported: > > The SHA-1 hash has been, for years now, considered undesirable for new > installations. In Trusty, a new install using LUKS results in an > installation using SHA-1 hashing, as can be demonstrated by using the > following command: > > cryptsetup luksDump <encrypted partition> > > Please consider compiling the "cryptsetup" package to use a stronger > default hash, perhaps SHA-256 or even SHA-512. > > I think the option "--with-luks1-hash=sha256", for instance, should give > us a SHA-256 default hash, which would be significantly more secure than > our current default in Ubuntu.
No, it will not be "significantly more secure". You have to study how is hash used in LUKS header before stating this. Please read at least section 5.20 in FAQ http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions Milan -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1275380 Title: Cryptsetup still using SHA-1 as default hash for Debian Installer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1275380/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
