0

Encrypt with sha512 hash? Manual install? (LVM+LUKS)

asked 2014-01-06 11:18:17 -0600

vuarnet

I recently installed Fedora via anaconda with a LUKS+LVM setup with manual partitioning. Just a /, /home and /boot. I am glad to see that the installer uses aes xts-plain64 with a 512 key size (equivalent to 256 because of pairing in xts), but I was surprised that the installer still uses sha1...

I would much prefer to use sha512 instead of sha1 -- is there any way to do this? I would even be open to a manual install like gentoo or Arch if I could have this sort of flexibility. Any help would be greatly appreciated.

Thanks in advance!


Comments

Fedora 20 uses AES in xts-plain64 mode. It does use sha1, which is very disappointing. I also suspect that Fedora 21 will be the same. vuarnet, if you want such flexibility then Arch or Gentoo is definitely the way to go unless Fedora decides to default on sha512. I wouldn't hold my breath though.

blueforce ( 2014-07-17 21:08:37 -0600 )

2 Answers

1

answered 2014-03-22 18:54:00 -0600

sparks

You didn't mention what version of Fedora you are using but I think the current default is SHA-256.

I cannot seem to find the list of supported hash algorithms for LUKS but using the -h switch should allow you to specify the hash (sha256 or sha512) when you manually create a LUKS partition. There is currently not a way to make these choices in Anaconda when you are installing.


Comments

cryptsetup currently supports these hashes:

PBKDF2-sha1 PBKDF2-sha256 PBKDF2-sha512 PBKDF2-ripemd160 PBKDF2-whirlpool

cryptsetup benchmark gives you all the hashes and ciphers it supports

blueforce ( 2014-07-17 21:30:56 -0600 )
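
What the answer above describes, as an added example that is not part of the original thread or of Fedora's installer: format the partition by hand with `--hash sha512` (the long form of the `-h` switch) and confirm the setting from `cryptsetup luksDump`. The device name `/dev/sdXN` is a placeholder, the dump excerpts are constructed samples, and the `Hash spec:` field assumes the LUKS1 dump layout.

```shell
# Added example, not from the thread. luksFormat destroys whatever is on
# the target device, so it is wrapped in a function and never called here.

# Create a LUKS container with the question's cipher settings and sha512.
luks_format_sha512() {
    cryptsetup luksFormat \
        --cipher aes-xts-plain64 --key-size 512 \
        --hash sha512 "$1"
}

# Read `cryptsetup luksDump` text on stdin and print its "Hash spec:" value.
luks_hash_spec() {
    awk -F: '$1 == "Hash spec" { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Succeed only if the dump on stdin reports the wanted hash.
luks_has_hash() {
    [ "$(luks_hash_spec)" = "$1" ]
}

# Constructed luksDump excerpts (LUKS1 layout), cut to the leading fields.
SAMPLE_DEFAULT='LUKS header information for /dev/sdXN

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha1
Payload offset: 4096
MK bits:        512'

SAMPLE_MANUAL='LUKS header information for /dev/sdXN

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha512
Payload offset: 4096
MK bits:        512'

# Real use, as root, on an empty partition:
#   luks_format_sha512 /dev/sdXN
#   cryptsetup luksDump /dev/sdXN | luks_has_hash sha512 && echo "hash ok"
for sample in "$SAMPLE_DEFAULT" "$SAMPLE_MANUAL"; do
    printf '%s\n' "$sample" | luks_hash_spec
done
```

The hash is written into the header when the container is created, so moving an existing volume from sha1 to sha512 this way means backing up, reformatting and restoring.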
0

answered 2014-07-17 21:06:09 -0600

Fedora 20 uses AES in xts-plain64 mode. It does use sha1, which is very disappointing. I also suspect that Fedora 21 will be the same. vuarnet, if you want such flexibility then Arch or Gentoo is definitely the way to go unless Fedora decides to default on sha512. I wouldn't hold my breath though.


Stats

Seen: 1,599 times

Last updated: Jul 17 '14