agherzan / yubikey-full-disk-encryption

Use YubiKey to unlock a LUKS partition
Apache License 2.0

Use a proper KDF + salt instead of sha256sum #26

Closed AbdussamadA closed 6 years ago

AbdussamadA commented 6 years ago

Please use a proper KDF and salting instead of sha256sum. SHA-256 can be done very quickly, so you can create rainbow tables for common passwords. You can use scrypt, for instance, and a 64-bit random salt.

Vincent43 commented 6 years ago

This isn't what this project aims for. We create LUKS passphrases which are already protected by a KDF using pbkdf2 or argon2, depending on the LUKS version.

SHA-256 is used to enhance the user-provided challenge (in some scenarios) and make sure it will be a valid input for the YubiKey challenge-response mode (not bigger than 64 bytes). Keep in mind that the SHA-256 is only 2/3 of the final passphrase, so you can't try to guess it directly based on the LUKS header. Even if an attacker knows it, they still need the YubiKey (you can count this as salt or 2FA).

Anyway, thanks for your comment.

agherzan commented 6 years ago

I think @Vincent43 summarized it well. Nothing to add here.
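
The layering described in the thread, modelled as an added example (not code from this project or from any commenter). It assumes the token's challenge-response mode is HMAC-SHA1, that the passphrase is the hashed challenge followed by the response, and that the LUKS layer is PBKDF2 with a per-volume salt; all function names, secrets and parameters are hypothetical.

```python
import hashlib
import hmac
import os

YUBIKEY_MAX_CHALLENGE = 64  # bytes; the limit quoted in the thread


def prepare_challenge(user_challenge: str) -> str:
    """SHA-256 the user's input; the hex digest is always 64 ASCII bytes."""
    digest = hashlib.sha256(user_challenge.encode()).hexdigest()
    assert len(digest) <= YUBIKEY_MAX_CHALLENGE
    return digest


def simulated_token_response(slot_secret: bytes, challenge: str) -> str:
    """Stand-in for the token: HMAC-SHA1 keyed with a secret that never leaves it."""
    return hmac.new(slot_secret, challenge.encode(), hashlib.sha1).hexdigest()


def luks_passphrase(user_challenge: str, slot_secret: bytes) -> str:
    """Assumed layout: hashed challenge followed by the token's response."""
    challenge = prepare_challenge(user_challenge)
    return challenge + simulated_token_response(slot_secret, challenge)


def keyslot_key(passphrase: str, header_salt: bytes, iterations: int = 100_000) -> bytes:
    """Model of the LUKS layer: salted PBKDF2 over the whole passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), header_salt, iterations)


if __name__ == "__main__":
    password = "correct horse"                          # constructed sample input
    token_a, token_b = os.urandom(20), os.urandom(20)   # constructed 20-byte secrets
    pass_a = luks_passphrase(password, token_a)
    pass_b = luks_passphrase(password, token_b)
    print("hashed challenge share:", len(prepare_challenge(password)), "of", len(pass_a))
    print("same password, same prefix:", pass_a[:64] == pass_b[:64])
    print("different token, different passphrase:", pass_a != pass_b)
    salt = os.urandom(32)                               # constructed per-volume salt
    print("keyslot key:", keyslot_key(pass_a, salt).hex()[:16], "...")
```

Under these assumptions the unsalted hash covers 64 of 104 passphrase characters, and the remaining 40 depend on the token's secret; the salt and the slow KDF are applied afterwards, at the LUKS keyslot.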