Bug 274622 - ebuild request: sys-fs/cryptsetup-1.0.6-r2 with SHA-1 libgcrypt support.
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High enhancement
Assignee: Gentoo's Team for Core System packages
Reported: 2009-06-18 15:56 UTC by Philipp
Modified: 2011-11-13 04:15 UTC
Attachments
SHA-1 libgcrypt patch (cryptsetup-sha1-gcrypt.patch, 43.43 KB, patch)
2009-06-18 15:57 UTC, Philipp

Description Philipp 2009-06-18 15:56:15 UTC
Hey,

cryptsetup uses LUKS, so SHA-1 is hardcoded in the source code.
You can't change the hash with the -h option.
SHA-1 is maybe insecure because of an attack that can reduce the strength of SHA-1 from 2^160 to 2^52 (http://eprint.iacr.org/2009/259.pdf). So you can do a possible exhaustive key search in 7 days with a code-breaking machine (COPACOBANA).
So you shouldn't use SHA-1; please add this patch. It uses libgcrypt and overrides the hardcoded SHA-1.
Now you can use the rest of the hash algorithms.

Reproducible: Always
Comment 1 Philipp 2009-06-18 15:57:25 UTC
Created attachment 195094
SHA-1 libgcrypt patch
Comment 2 SpanKY gentoo-dev 2011-11-13 04:15:30 UTC
At this point, these should go through upstream. We don't have people interested in maintaining these external patches.