Hi everyone,

It's been brought to my attention that in my commit [1], I mistakenly indicated that SHA256 was the only hash supported by the PBKDF2 kdf. I may have misread the default value for the list of possible values in the upstream spec, since more hashes are supported. One possible problem though is that it would not be possible to simply dynamically ask dm-crypt for the hash function that was used when unlocking, since that isn't kept around, from what I remember.

I don't have the bandwidth to work on this currently, but I can see two solutions: either indiscriminately add all abstractions for all possible hash functions of PBKDF2, or parse the LUKS2 headers of the partition to find out which hash function is used.

In the meantime, if you use a hash function that isn't SHA256, like SHA512, you'll need to add --modules="gcry_sha512" to your grub-install invocation.

[1] aa5172a55cfabdd0bed3161ad44fc228b9d019f7

Best,
--
Josselin Poiret
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
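The second option mentioned in the message above, reading the LUKS2 header to find the PBKDF2 hash of each keyslot, as an added Python example (not code from the message, the referenced commit, or GRUB). It assumes the standard LUKS2 on-disk layout (a 4096-byte binary header followed by a NUL-padded JSON area) and that the GRUB module is named `gcry_<hash>`, following the `gcry_sha512` case in the message; the function names and the sample header are constructed for illustration.

```python
import json
import struct

LUKS2_MAGIC = b"LUKS\xba\xbe"   # magic of the primary LUKS header
BIN_HDR_SIZE = 4096             # binary header size; the JSON area follows it

def read_luks2_json(image: bytes) -> dict:
    """Return the JSON metadata of the primary LUKS2 header (checksum not verified)."""
    if len(image) < BIN_HDR_SIZE or image[:6] != LUKS2_MAGIC:
        raise ValueError("not a LUKS header")
    version, hdr_size = struct.unpack_from(">HQ", image, 6)  # big-endian u16, u64
    if version != 2:
        raise ValueError(f"LUKS version {version}, expected 2")
    if not BIN_HDR_SIZE < hdr_size <= len(image):
        raise ValueError("hdr_size out of range or image truncated")
    # hdr_size covers binary header + JSON area; the JSON text is NUL-padded.
    raw = image[BIN_HDR_SIZE:hdr_size].split(b"\x00", 1)[0]
    return json.loads(raw)

def pbkdf2_hashes(meta: dict) -> dict:
    """Map keyslot id -> PBKDF2 hash name; slots using another KDF map to None."""
    out = {}
    for slot, ks in meta.get("keyslots", {}).items():
        kdf = ks.get("kdf", {})
        out[slot] = kdf.get("hash") if kdf.get("type") == "pbkdf2" else None
    return out

def extra_grub_modules(meta: dict) -> list:
    """Modules to pass to grub-install --modules for non-SHA256 PBKDF2 keyslots."""
    # Assumption: module name is "gcry_" + hash, as with gcry_sha512 in the message.
    hashes = {h for h in pbkdf2_hashes(meta).values() if h and h != "sha256"}
    return sorted(f"gcry_{h}" for h in hashes)

def build_sample_header() -> bytes:
    """Constructed sample: minimal binary header plus JSON, not a real volume."""
    meta = {"keyslots": {
        "0": {"type": "luks2", "kdf": {"type": "pbkdf2", "hash": "sha512", "iterations": 1000, "salt": "AAAA"}},
        "1": {"type": "luks2", "kdf": {"type": "argon2id", "time": 4, "memory": 1048576, "cpus": 4, "salt": "AAAA"}},
    }}
    hdr_size = 16384
    binary = (LUKS2_MAGIC + struct.pack(">HQ", 2, hdr_size)).ljust(BIN_HDR_SIZE, b"\x00")
    return binary + json.dumps(meta).encode().ljust(hdr_size - BIN_HDR_SIZE, b"\x00")

if __name__ == "__main__":
    meta = read_luks2_json(build_sample_header())
    print(pbkdf2_hashes(meta))
    print(extra_grub_modules(meta))
```

Against a real volume, the input would be the first `hdr_size` bytes read from the start of the LUKS2 partition.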