Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)?
gmazyland at gmail.com
Fri Jan 17 19:25:39 CET 2014
since this commit (present in 1.6.0)
"md: Fix Whirlpool flaw."
seems that Whirlpool hash produces different output
if data are written in parts.
(If entered as one buffer, it seems to be compatible though.)
Unfortunately, cryptsetup in its anti-forensic filter uses something like this:
Change above seems to breaks all LUKS devices which used Whirlpool as hash
before and upgraded to gcrypt 1.6.0 (cryptsetup cannot open them anymore).
See for example https://bbs.archlinux.org/viewtopic.php?id=175737
Is my assumption that all whirlpool implementations before
libgcrypt 1.6.0 are broken if used this way?
(Using different crypto backend seems to support this assumption...)
More information about the Gcrypt-devel