From Fedora Project Wiki

Revision as of 18:02, 31 March 2009 by Mitr (talk | contribs)

From the cryptsetup manpage:

NOTES ON PASSWORD PROCESSING FOR LUKS

      LUKS uses PBKDF2 to protect against dictionary attacks (see RFC 2898). LUKS will always use SHA1 in HMAC mode, and no other mode is supported at the moment. Hence, -h is ignored.

Therefore it seems not to be possible to use SHA256 with LUKS currently. --Till 17:51, 31 March 2009 (UTC)

SHA-1 inside HMAC is good enough for me (and NIST.gov); the configuration example using -h refers to cryptsetup create, i.e. "raw" dm-crypt, not LUKS. Mitr 18:02, 31 March 2009 (UTC)