
Bug 274622

Summary: ebuild request: sys-fs/cryptsetup-1.0.6-r2 with SHA-1 libgcrypt support.
Product: Gentoo Linux
Reporter: Philipp <dragon88m>
Component: Current packages
Assignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED UPSTREAM
Severity: enhancement
CC: ikelos
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: SHA-1 libgcrypt patch

Description Philipp 2009-06-18 15:56:15 UTC
Hey,

cryptsetup uses LUKS, so SHA-1 is hardcoded in the source code.
You can't change the hash with the -h option.
SHA-1 is maybe insecure because of an attack that can reduce the strength of SHA-1 from 2^160 to 2^52 (http://eprint.iacr.org/2009/259.pdf). So you can do a possible exhaustive key search in 7 days with a code-breaking machine (COPACOBANA).
So you shouldn't use SHA-1. Please add this patch; it uses libgcrypt and overrides the hardcoded SHA-1.
Now you can use the rest of the hash algorithms.

Reproducible: Always
Comment 1 Philipp 2009-06-18 15:57:25 UTC
Created attachment 195094
SHA-1 libgcrypt patch
Comment 2 SpanKY gentoo-dev 2011-11-13 04:15:30 UTC
At this point, these should go through upstream. We don't have people interested in maintaining these external patches.
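
The report above is about which hash a LUKS volume uses. As an added example (not part of this bug, the attached patch, or cryptsetup itself), the following reads the hash-spec field from a LUKS1 header and flags SHA-1. The field layout follows the LUKS1 on-disk format; the function names and the sample header are constructed for illustration.

```python
import struct

# LUKS1 partition header, big-endian, per the LUKS1 on-disk format:
# magic, version, cipher-name, cipher-mode, hash-spec, payload-offset,
# key-bytes, mk-digest, mk-digest-salt, mk-digest-iter, uuid (208 bytes).
LUKS_MAGIC = b"LUKS\xba\xbe"
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")


def _text(field: bytes) -> str:
    """Decode a NUL-padded ASCII header field."""
    return field.split(b"\0", 1)[0].decode("ascii")


def parse_luks1_header(data: bytes) -> dict:
    """Return the algorithm fields of a LUKS1 header, or raise ValueError."""
    if len(data) < PHDR.size:
        raise ValueError("short read: need %d bytes" % PHDR.size)
    (magic, version, cipher, mode, hash_spec, _payload, key_bytes,
     _digest, _salt, mk_iter, uuid) = PHDR.unpack_from(data)
    if magic != LUKS_MAGIC:
        raise ValueError("not a LUKS header")
    if version != 1:
        raise ValueError("unsupported LUKS version %d" % version)
    return {"cipher": _text(cipher), "mode": _text(mode),
            "hash_spec": _text(hash_spec).lower(), "key_bytes": key_bytes,
            "mk_digest_iter": mk_iter, "uuid": _text(uuid)}


def uses_sha1(header: dict) -> bool:
    """True when the header's hash-spec names SHA-1."""
    return header["hash_spec"] in ("sha1", "sha-1")


def make_sample_header(hash_spec: bytes) -> bytes:
    """Constructed test header (not from a real volume)."""
    return PHDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", hash_spec,
                     2056, 32, bytes(20), bytes(32), 10,
                     b"00000000-0000-0000-0000-000000000000")


if __name__ == "__main__":
    for spec in (b"sha1", b"sha256"):
        hdr = parse_luks1_header(make_sample_header(spec))
        print(hdr["hash_spec"], "-> SHA-1 in use" if uses_sha1(hdr) else "-> ok")
```

To check a real volume, pass the first 208 bytes of the device or of a header backup file to `parse_luks1_header`.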