[dm-crypt] MK Digest Size

[dm-crypt] MK Digest Size

[Jorge Fábregas]

Hello everyone,

I'm new to DM-Crypt/LUKS and I'm wondering why is it that, when I format
a partition (luksFormat) using --hash sha256, I still get to see 20 HEX
characters (160 bits) for the MK digest?  Shouldn't I see 32 HEX chars
(256 bits)?   Or is that sha256 is used in the PBKDF2 process but the
function is instructed to deliver just 160 bits?

One final thing just to make sure:  is the algorithm that appears under
"Hash spec" in the header..is this the same hash-algorithm used (along
with PBKDF2) for the user-keys? as well as the one used with PBKDF2 for
the MK digest?

The man page says for the hash option:   ...used in LUKS key setup
scheme and volume key digest.  So it appears that "Hash spec" is used
for both...but then, I don't understand why I get just 160 bits when I
specify sha256 :(

Thanks!

Regards,
Jorge

Re: [dm-crypt] MK Digest Size

[Jorge Fábregas]

On 07/10/2011 12:29 PM, Jorge Fábregas wrote:
> I still get to see 20 HEX characters (160 bits) for the MK digest?  

I'm sorry.  I meant 20 pairs of HEX characters (40 chars) as they appear
nicely formatted in the luksDump output.

> Shouldn't I see 32 HEX chars (256 bits)?   

Same here (64 hex characters ).

> Or is that sha256 is used in the PBKDF2 process but the function is 
> instructed to deliver just 160 bits?

Ok, I'm going to try to answer myself as I just read again the latest
specification.  It appears this is the case (just 160 bits even if you
use sha256) because there are just 20 bytes available for "mk-digest" in
the header.

I'm just curious:  is having just 20 bytes for the digest a limitation
here?  Are there any plans to expand this field in the future?


> One final thing just to make sure:  is the algorithm that appears under
> "Hash spec" in the header..is this the same hash-algorithm used (along
> with PBKDF2) for the user-keys? as well as the one used with PBKDF2 for
> the MK digest?

Apparently yes.

Sorry for the noise!

Regards,
Jorge

Re: [dm-crypt] MK Digest Size

[Milan Broz]

On 07/10/2011 06:29 PM, Jorge Fábregas wrote:
> I'm new to DM-Crypt/LUKS and I'm wondering why is it that, when I format
> a partition (luksFormat) using --hash sha256, I still get to see 20 HEX
> characters (160 bits) for the MK digest?  Shouldn't I see 32 HEX chars
> (256 bits)?   Or is that sha256 is used in the PBKDF2 process but the
> function is instructed to deliver just 160 bits?

Yes, it uses sha256 but only first 20 bytes is stored. This is limitation
of the current LUKS on-disk header (20 bytes was fixed length of SHA1).

MK digest is just for verification that decrypted key is correct,
20 bytes is enough for that.

> One final thing just to make sure:  is the algorithm that appears under
> "Hash spec" in the header..is this the same hash-algorithm used (along
> with PBKDF2) for the user-keys? as well as the one used with PBKDF2 for
> the MK digest?

Yes, hash algorithm in LUKS header is used in PBKDF2 and AF splitter.

> The man page says for the hash option:   ...used in LUKS key setup
> scheme and volume key digest.  So it appears that "Hash spec" is used
> for both...but then, I don't understand why I get just 160 bits when I
> specify sha256 :(

See above, header structure is fixed, change would mean binary incompatibility.
Only MK digest is limited here, in all other cases it uses real length of
hash.

Milan

Re: [dm-crypt] MK Digest Size

[Jorge Fábregas]

Thanks Milan for confirming and for all the details.  I'm all clear now.

All the best,
Jorge