Discussion:
[A.S.S] & [A.P] DriveCrypt is using SHA-1 for hashing, any crypto expert can comment on this?
(too old to reply)
Macarro
2010-08-16 14:00:39 UTC
Permalink
Raw Message
I noticed that DriveCrypt Plus Pack3.95 is using AES256 and SHA-1, I was
reading Schneier's blog and in
one of his posts in 2005 he says that we should move away from SHA-1.

http://www.schneier.com/blog/archives/2005/10/nist_hash_works_2.html

Quote:
"Don't use SHA-1 for anything new, and start moving away from it as soon as
possible.
To SHA-256, probably."

It appears that DriveCrypt Plus Pack is using SHA-1 at 160bits, Schneier was
recommending
SHA-256 in 2005, that is five years ago.

I am getting cold feet about SHA-160, I wonder if it is paranoia or a
justified worry, I have very important
data encrypted that would seriously destroy my life and business if it falls
in the wrong hands.

PGP whole disk encryption has been using SHA-2 (512 bits) for quite some time
now...

Thanks

PS: Yes I know about Truecrypt, let's save the comments on that, I needed a
business solution.
Ari Silverstein
2010-08-16 21:04:51 UTC
Permalink
Raw Message
Post by Macarro
I noticed that DriveCrypt Plus Pack3.95 is using AES256 and SHA-1, I was
reading Schneier's blog and in
one of his posts in 2005 he says that we should move away from SHA-1.
http://www.schneier.com/blog/archives/2005/10/nist_hash_works_2.html
"Don't use SHA-1 for anything new, and start moving away from it as soon as
possible.
To SHA-256, probably."
It appears that DriveCrypt Plus Pack is using SHA-1 at 160bits, Schneier was
recommending
SHA-256 in 2005, that is five years ago.
I am getting cold feet about SHA-160, I wonder if it is paranoia or a
justified worry, I have very important
data encrypted that would seriously destroy my life and business if it falls
in the wrong hands.
PGP whole disk encryption has been using SHA-2 (512 bits) for quite some time
now...
Thanks
PS: Yes I know about Truecrypt, let's save the comments on that, I needed a
business solution.
And your point/question is...?
--
We warn you now not to steal or sell government secrets or you *will*
pay the price of having your arse violated rudely by our covertly
trained, butt-fucking pony.
Loading...