[nycbug-talk] Re: Linux Cryptoloop

Roland C. Dowdeswell elric
Fri Mar 5 17:29:47 EST 2004


On 1078522789 seconds since the Beginning of the UNIX epoch
Pete Wright wrote:
>
>roland how do you feel about dm-crypt then?
>
>http://www.saout.de/misc/dm-crypt/
>
>i know the linux kernel hackers always felt that crypto-loop was always 
>a bad hack, at best.  from what i understand, which isn't much regarding 
>crypt. honestly, dm-crypt is supposed to address many of the problems 
>with crypto-loop.

Well, I just went to the link you posted and, well, given only a
few minutes of looking around it is not exactly apparent what they
are actually doing.  It looks rather poorly documented, all in all.
But, from some chasing around:

They use hashalot to generate the key from a passphrase and it is
just a simple hash or a salted hash rather than an industry standard
passphrase->key algorithm such as PKCS#5 PBKDF2 (which I use in
CGD.)  I do not understand exactly why everyone feels it is necessary
to play amateur cryptographer when there are accepted ways to do
these things that have been scrutinised by people who actually
understand the issues involved.  This is actually a rather large
pet peeve of mine, I mean if you presume that you know better than
professional cryptographers how to turn a passphrase into a key
then why don't you just write your own crypto algorithms, too? So,
to make a long story short, the hashalot method is vulnerable to
dictionary attack.

It looks like it might be possible to get it to do the right thing,
but only if you put substantial effort into setting it up and know
what you are doing.  This is, IMO, an unacceptable burden to place
on users.  On the other hand, I also get the impression that the
work is not anything near complete so perhaps some of these issues
will be addressed in the course of time.

I might make a few more comments later.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/
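
The difference between a single salted hash and PKCS#5 PBKDF2 that the message above turns on, as an added example that is not part of the original post and is not code from hashalot, dm-crypt or CGD. It writes PBKDF2 out per RFC 2898 and measures the cost of one passphrase guess under each scheme. The function names, the choice of SHA-256, the sample passphrase, the salt and the iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

def key_salted_hash(passphrase: bytes, salt: bytes) -> bytes:
    """One salted hash pass: each passphrase guess costs a single hash."""
    return hashlib.sha256(salt + passphrase).digest()

def key_pbkdf2(passphrase: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """PBKDF2 (PKCS#5 v2 / RFC 2898) written out to show where the work goes."""
    out = b""
    block = 1
    while len(out) < dklen:
        # U_1 = PRF(P, S || INT(block)); U_j = PRF(P, U_{j-1}); T = U_1 ^ ... ^ U_c
        u = hmac.new(passphrase, salt + block.to_bytes(4, "big"), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(passphrase, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(len(u), "big")
        block += 1
    return out[:dklen]

def seconds_per_derivation(fn, *args, repeat: int = 3) -> float:
    """Best-of-N wall time for one key derivation, i.e. the cost of one guess."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        fn(*args)
        best = min(best, time.perf_counter() - start)
    return best

def guess_cost_ratio(iterations: int) -> float:
    """How many times more expensive one PBKDF2 guess is than one salted-hash guess."""
    salt = os.urandom(16)          # constructed sample salt
    pw = b"correct horse battery"  # constructed sample passphrase
    slow = seconds_per_derivation(key_pbkdf2, pw, salt, iterations)
    fast = seconds_per_derivation(key_salted_hash, pw, salt)
    return slow / max(fast, 1e-9)

if __name__ == "__main__":
    # 20_000 is an assumed iteration count, chosen only to make the gap visible.
    print(f"PBKDF2 costs ~{guess_cost_ratio(20_000):.0f}x more per guess")
```

The salt stops one precomputed dictionary from being reused across volumes; the iteration count is what makes each guess against a single volume expensive.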



