* [dm-crypt] zuluCrypt v3.0 released.
From: .. ink .. @ 2011-10-05 6:28 UTC
To: dm-crypt

project page: http://code.google.com/p/zulucrypt/

screenshots of the new release:
https://picasaweb.google.com/109794855728648275729/ZuluCryptV30?authuser=0&feat=directlink

video showing features of the new release:
https://docs.google.com/leaf?id=0B8juRKTjN4Q9Njk0MTY4OWQtODcyMi00MGY2LTg5ODktOTg2MGYyNGRiNzI1&hl=en_US

This release put cryptsetup/zuluCrypt at the same level as truecrypt feature
wise when used from the GUI.

It can now (from the GUI)
1. Create key files (512 bytes in size composed of only the 94 printable
characters).
2. Create volumes both in files and partitions.
3. Create both plain type and luks types volumes.
4. Add keys to luks type volumes.
5. Delete keys from luks type volumes.
6. Close a bunch of bugs.

All volume management can be done through either passphrases or key files.

The core functionality is now in place and next version(version 4) will be
for GUI user configuration options of things like font type, font size, use
of tray icon and maintaining a list of favorite volumes.

* Re: [dm-crypt] zuluCrypt v3.0 released.
From: Quentin Lefebvre @ 2011-10-05 15:07 UTC
To: dm-crypt

Hi,

This looks like a very nice project.

On 05/10/2011 08:28, .. ink .. wrote :
> project page: http://code.google.com/p/zulucrypt/
>
> screenshots of the new release:
> https://picasaweb.google.com/109794855728648275729/ZuluCryptV30?authuser=0&feat=directlink
>
> video showing features of the new release:
> https://docs.google.com/leaf?id=0B8juRKTjN4Q9Njk0MTY4OWQtODcyMi00MGY2LTg5ODktOTg2MGYyNGRiNzI1&hl=en_US
>
> This release put cryptsetup/zuluCrypt at the same level as truecrypt feature
> wise when used from the GUI.
>
> It can now (from the GUI)
> 1. Create key files (512 bytes in size composed of only the 94 printable
> characters).

512 bits rather than bytes ?

> 2. Create volumes both in files and partitions.
> 3. Create both plain type and luks types volumes.
> 4. Add keys to luks type volumes.
> 5. Delete keys from luks type volumes.
> 6. Close a bunch of bugs.
>
> All volume management can be done through either passphrases or key files.
>
> The core functionality is now in place and next version(version 4) will be
> for GUI user configuration options of things like font type, font size, use
> of tray icon and maintaining a list of favorite volumes.
>

I just took a look at the screenshots and I'm a bit surprised about the
fact keys are generated from /dev/urandom. Even for 512 bits, that is 64
bytes, wouldn't it be better to read key files from /dev/random ? Unless
there is a setting allowing the user to explicitly choose the source ?

Best,
Quentin

* Re: [dm-crypt] zuluCrypt v3.0 released.
From: Arno Wagner @ 2011-10-05 15:39 UTC
To: dm-crypt

On Wed, Oct 05, 2011 at 05:07:34PM +0200, Quentin Lefebvre wrote:
> Hi,
>
> This looks like a very nice project.
>
> On 05/10/2011 08:28, .. ink .. wrote :
> > project page: http://code.google.com/p/zulucrypt/
> >
> > screenshots of the new release:
> > https://picasaweb.google.com/109794855728648275729/ZuluCryptV30?authuser=0&feat=directlink
> >
> > video showing features of the new release:
> > https://docs.google.com/leaf?id=0B8juRKTjN4Q9Njk0MTY4OWQtODcyMi00MGY2LTg5ODktOTg2MGYyNGRiNzI1&hl=en_US
> >
> > This release put cryptsetup/zuluCrypt at the same level as truecrypt feature
> > wise when used from the GUI.
> >
> > It can now (from the GUI)
> > 1. Create key files (512 bytes in size composed of only the 94 printable
> > characters).
>
> 512 bits rather than bytes ?
>
> > 2. Create volumes both in files and partitions.
> > 3. Create both plain type and luks types volumes.
> > 4. Add keys to luks type volumes.
> > 5. Delete keys from luks type volumes.
> > 6. Close a bunch of bugs.
> >
> > All volume management can be done through either passphrases or key files.
> >
> > The core functionality is now in place and next version(version 4) will be
> > for GUI user configuration options of things like font type, font size, use
> > of tray icon and maintaining a list of favorite volumes.
> >
>
> I just took a look at the screenshots and I'm a bit surprised about the
> fact keys are generated from /dev/urandom. Even for 512 bits, that is 64
> bytes, wouldn't it be better to read key files from /dev/random ? Unless
> there is a setting allowing the user to explicitly choose the source ?

We had this discussion here several times for the
LUKS master key. The potential problem we identified with
/dev/random was entropy starvation. In an interactive
application, this should not be a problem, just tell the
user to move the mouse a bit. It still can take a few
seconds to generate even 64 random bytes when the pool was
just emptied.

Generally, /dev/urandom is enough even for key-grade
material. But making it configurable (as it is for cryptsetup)
would be definitely a good idea. And then having cryptsetup
use the same when creating a LUKS container.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier

* Re: [dm-crypt] zuluCrypt v3.0 released.
From: Milan Broz @ 2011-10-05 16:13 UTC
To: dm-crypt

On 10/05/2011 05:39 PM, Arno Wagner wrote:
> We had this discussion here several times for the
> LUKS master key.

And you have full control (both if using cryptsetup wrapper
or libcryptsetup directly) to use urandom and random.

(And there will be also option to use another RNG,
like gcrypt one.)

So just make this configurable in GUI.

Milan

* Re: [dm-crypt] zuluCrypt v3.0 released.
From: .. ink .. @ 2011-10-05 18:26 UTC
To: Milan Broz; +Cc: dm-crypt

>
> And you have full control (both if using cryptsetup wrapper
> or libcryptsetup directly) to use urandom and random.
>
> (And there will be also option to use another RNG,
> like gcrypt one.)
>
> So just make this configurable in GUI.
>

I used /dev/urandom because as it has been said, /dev/random is slow and
cryptsetup defaults to /dev/urandom.

There will be a configuration option in the next release for a user to
select what device to use.

ps:
I am quoting/responding to these emails right? This is the first time I am
responding in mailing lists and I don't know how to properly do so.

* Re: [dm-crypt] zuluCrypt v3.0 released.
From: Arno Wagner @ 2011-10-05 21:36 UTC
To: dm-crypt

On Wed, Oct 05, 2011 at 02:26:53PM -0400, .. ink .. wrote:
> >
> > And you have full control (both if using cryptsetup wrapper
> > or libcryptsetup directly) to use urandom and random.
> >
> > (And there will be also option to use another RNG,
> > like gcrypt one.)
> >
> > So just make this configurable in GUI.
> >
>
> I used /dev/urandom because as it has been said, /dev/random is slow and
> cryptsetup defaults to /dev/urandom.
>
> There will be a configuration option in the next release for a user to
> select what device to use.
>
> ps:
> I am quoting/responding to these emails right? This is the first time I am
> responding in mailing lists and I don't know how to properly do so.

Looks fine to me.

Arno

* Re: [dm-crypt] zuluCrypt v3.0 released.
From: .. ink .. @ 2011-10-05 18:18 UTC
To: Quentin Lefebvre; +Cc: dm-crypt

> >
> > It can now (from the GUI)
> > 1. Create key files (512 bytes in size composed of only the 94 printable
> > characters).
>
> 512 bits rather than bytes ?
>

I meant bytes, for 512 different characters. I just looked at the
documentation and now I can't see why I went with this number since
cryptsetup defaults to 256 bits (32 bytes).

Will change in the next version/update to create 32 bytes key files.

* Re: [dm-crypt] zuluCrypt v3.0 released.
From: .. ink .. @ 2011-10-06 1:27 UTC
To: Quentin Lefebvre; +Cc: dm-crypt

On Wed, Oct 5, 2011 at 2:18 PM, .. ink .. <mhogomchungu@gmail.com> wrote:

>> >
>> > It can now (from the GUI)
>> > 1. Create key files (512 bytes in size composed of only the 94 printable
>> > characters).
>>
>> 512 bits rather than bytes ?
>>
>
> I meant bytes, for 512 different characters. I just looked at the
> documentation and now I can't see why I went with this number since
> cryptsetup defaults to 256 bits (32 bytes).
>
> Will change in the next version/update to create 32 bytes key files.
>

Just saw where I got the "512 bytes" from. Running "cryptsetup --help"
gives a bunch of output and there is this output at the end.

Default compiled-in keyfile parameters:
    Maximum keyfile size: 8192kB, Maximum interactive passphrase length 512 (characters)

Default compiled-in device cipher parameters:
    loop-AES: aes, Key 256 bits
    plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
    LUKS1: aes-cbc-essiv:sha256, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/urandom

That's where I got the key file length from. Since my program interfaces with
cryptsetup interactively, I thought creating a key file with the maximum size
allowed will be more secure.

What's the optimum key file size with the above output?
What's the optimum key file size in general?
The above output seems to suggest 32 bytes files but what's the harm in using
512 bytes? (the maximum allowed)

* Re: [dm-crypt] zuluCrypt v3.0 released.
From: Quentin Lefebvre @ 2011-10-06 8:36 UTC
To: dm-crypt

On 06/10/2011 03:27, .. ink .. wrote :
> On Wed, Oct 5, 2011 at 2:18 PM, .. ink .. <mhogomchungu@gmail.com> wrote:
>
>>>>
>>>> It can now (from the GUI)
>>>> 1. Create key files (512 bytes in size composed of only the 94 printable
>>>> characters).
>>>
>>> 512 bits rather than bytes ?
>>>
>>
>> I meant bytes, for 512 different characters. I just looked at the
>> documentation and now I can't see why I went with this number since
>> cryptsetup defaults to 256 bits (32 bytes).
>>
>> Will change in the next version/update to create 32 bytes key files.
>>
>
> Just saw where I got the "512 bytes" from. Running "cryptsetup --help"
> gives a bunch of output and there is this output at the end.
>
> Default compiled-in keyfile parameters:
>     Maximum keyfile size: 8192kB, Maximum interactive passphrase length
> 512 (characters)
>
> Default compiled-in device cipher parameters:
>     loop-AES: aes, Key 256 bits
>     plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing:
> ripemd160
>     LUKS1: aes-cbc-essiv:sha256, Key: 256 bits, LUKS header hashing:
> sha1, RNG: /dev/urandom
>
> That's where I got the key file length from. Since my program interfaces with
> cryptsetup interactively, I thought creating a key file with the maximum size
> allowed will be more secure.
>
> What's the optimum key file size with the above output?
> What's the optimum key file size in general?
> The above output seems to suggest 32 bytes files but what's the harm in using
> 512 bytes? (the maximum allowed)

As far as I know, it depends on the command line invocation.
If you give no parameter, I think you should use AES (not sure if the
key is 128 or 256 bits).
But you can change the cipher and key size with appropriate parameters,
as well as the hash algorithm, ... provided your kernel has the adequate
modules loaded.

AES key size is either 128 or 256 bits, no more.
But for example, if you use AES in XTS mode (with something like :
--cipher=aes-xts-plain ) then you may use 512 bits keys.
I'm not aware of longer keys, but not an expert of cryptsetup though.

Best,
Quentin

* Re: [dm-crypt] zuluCrypt v3.0 released.
From: Arno Wagner @ 2011-10-06 14:27 UTC
To: dm-crypt

On Wed, Oct 05, 2011 at 09:27:26PM -0400, .. ink .. wrote:
[...]
> That's where I got the key file length from. Since my program interfaces with
> cryptsetup interactively, I thought creating a key file with the maximum size
> allowed will be more secure.
>
> What's the optimum key file size with the above output?
> What's the optimum key file size in general?

There is not really one, as longer is cheap and cannot be worse.
My rule of thumb is: Conservative Entropy estimation as basis and
then use 2x ... 10x that length.

> The above output seems to suggest 32 bytes files but what's the harm in using
> 512 bytes? (the maximum allowed)

Nothing at all. Go for 512 Bytes.

Arno

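The key file discussed in this thread, as an added example that is not part of any message and is not zuluCrypt or cryptsetup code: it draws characters uniformly from the 94 printable ASCII characters (assumed here to be '!' through '~') and computes the upper bound on entropy for a file of a given length. The function names and the 0600 file mode are assumptions of this example.

```python
import math
import os

# Assumption: "the 94 printable characters" means ASCII '!' (0x21) .. '~' (0x7E).
ALPHABET = bytes(range(0x21, 0x7F))
# Largest multiple of 94 that fits in a byte; bytes at or above it are rejected
# so that `b % 94` stays uniform (no modulo bias).
LIMIT = 256 - (256 % len(ALPHABET))  # 188


def printable_key(n_chars, rng=os.urandom):
    """Return n_chars bytes drawn uniformly from ALPHABET.

    rng(n) must return random bytes; os.urandom reads the kernel CSPRNG,
    the same source that backs /dev/urandom on Linux.
    """
    out = bytearray()
    while len(out) < n_chars:
        for b in rng(n_chars - len(out)):
            if b < LIMIT:
                out.append(ALPHABET[b % len(ALPHABET)])
    return bytes(out[:n_chars])


def entropy_bits(n_chars, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of n_chars uniform symbols, in bits."""
    return n_chars * math.log2(alphabet_size)


def min_chars_for(bits, alphabet_size=len(ALPHABET)):
    """Fewest uniform symbols whose entropy reaches `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


def write_keyfile(path, n_chars=512):
    """Create path (it must not exist) with mode 0600 and write the key."""
    key = printable_key(n_chars)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(key)
    return len(key)


if __name__ == "__main__":
    for n in (32, 512):
        print(f"{n} chars -> {entropy_bits(n):.1f} bits")
    print("chars needed for 256 bits:", min_chars_for(256))
```

Because each printable character carries about 6.55 bits, a 32-character file tops out near 210 bits, below the 256-bit key size in the cryptsetup --help output, while 512 characters allows about 3356 bits.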