Ask Your Question
0

Encrypt with sha512 hash? Manual install? (LVM+LUKS)

asked 2014-01-06 11:18:17 -0600

vuarnet gravatar image

I recently installed Fedora via anaconda with a LUKS+LVM setup with manual partitioning. Just a /, /home and /boot. I am glad to see that the installer uses aes xts-plain64 with a 512 key size (equivalent to 256 bcof pairing in xts), but I was surprised that the installer still uses sha1...

I would much prefer to use sha512 instead of sha1 -- is there any way to do this? I would even be open to a manual install like gentoo or Arch if I could have this sort of flexibility. Any help would be greatly appreciated.

Thanks in advance!

edit retag flag offensive close merge delete

Comments

Fedora 20 uses AES in xts-plain64 mode. It does use sha1 which is very disappointing. I also suspect that Fedora 21 will be the same. vuarnet if you want such flexability then Arch or Gentoo is definately the way to go unless Fedora decides to default on sha512. I wouldn't hold my breath though.

blueforce gravatar imageblueforce ( 2014-07-17 21:08:37 -0600 )edit
add a comment

2 Answers

Sort by ยป oldest newest most voted
1

answered 2014-03-22 18:54:00 -0600

sparks gravatar image

You didn't mention what version of Fedora you are using but I think the current default is SHA-256.

I cannot seem to find the list of supported hash algorithms for LUKS but using the -h switch should allow you to specify the hash (sha256 or sha512) when you manually create a LUKS partition. There is currently not a way to make these choices in Anaconda when you are installing.

edit flag offensive delete link more

Comments

cryptsetup currently support these hashes:

PBKDF2-sha1 PBKDF2-sha256 PBKDF2-sha512 PBKDF2-ripemd160 PBKDF2-whirlpool

cryptsetup benchmark gives you all the hash and ciphers it supports

blueforce gravatar imageblueforce ( 2014-07-17 21:30:56 -0600 )edit
add a comment
0

answered 2014-07-17 21:06:09 -0600

blueforce gravatar image

Fedora 20 uses AES in xts-plain64 mode. It does use sha1 which is very disappointing. I also suspect that Fedora 21 will be the same. vuarnet if you want such flexability then Arch or Gentoo is definately the way to go unless Fedora decides to default on sha512. I wouldn't hold my breath though.

edit flag offensive delete link more
add a comment

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2014-01-06 11:18:17 -0600

Seen: 1,599 times

Last updated: Jul 17 '14

Related questions

Howto rescue Fedora 22 LXDE x86_64 system with LUKS with corrupt boot sector?

Fedora and Luks, LVM.

How is my second luks volume getting decrypted, or is it?

Unable to resize LUKS LVM

Encrypted LUKS Volume Cannot Be Mounted After Reboot

How to expand my encrypted root Partition?

Fedora 18 Grub2 USB (Welcome to Grub halt)

How to disable cryptography in a partition? (Fedora 19)

File System size discrepancies

Gnome Disks support for LVM2?

Ask Fedora is community maintained and Red Hat or Fedora Project is not responsible for content. Content on this site is licensed under a CC-BY-SA 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2