From: Quentin Lefebvre <alto.spam@laposte.net>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] zuluCrypt v3.0 released.
Date: Thu, 06 Oct 2011 10:36:01 +0200
Message-ID: <4E8D6871.5030804@laposte.net>
In-Reply-To: <CAFnMBaTP2xv9bov0-fBhfX9UwED0i1q+FJ-WC0s-K2BpNTzF0Q@mail.gmail.com>

On 06/10/2011 03:27, .. ink .. wrote:
> On Wed, Oct 5, 2011 at 2:18 PM, .. ink .. <mhogomchungu@gmail.com> wrote:
>
>>>> It can now (from the GUI)
>>>> 1. Create key files (512 bytes in size, composed of only the 94
>>>> printable characters).
>>>
>>> 512 bits rather than bytes?
>>>
>> I meant bytes, for 512 different characters. I just looked at the
>> documentation and now I can't see why I went with this number, since
>> cryptsetup defaults to 256 bits (32 bytes).
>>
>> Will change in the next version/update to create 32-byte key files.
>
> Just saw where I got the "512 bytes" from. Running "cryptsetup --help"
> gives a bunch of output, and there is this output at the end:
>
> Default compiled-in keyfile parameters:
> Maximum keyfile size: 8192kB, Maximum interactive passphrase length 512 (characters)
>
> Default compiled-in device cipher parameters:
> loop-AES: aes, Key 256 bits
> plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
> LUKS1: aes-cbc-essiv:sha256, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/urandom
>
> That's where I got the key file length from. Since my program interfaces with
> cryptsetup interactively, I thought creating a key file with the maximum size
> allowed will be more secure.
>
> What's the optimum key file size with the above output?
> What's the optimum key file size in general?
> The above output seems to suggest 32-byte files, but what's the harm in using
> 512 bytes (the maximum allowed)?

As far as I know, it depends on the command line invocation. If you give
no parameter, I think you should use AES (not sure if the key is 128 or
256 bits). But you can change the cipher and key size with appropriate
parameters, as well as the hash algorithm, ... provided your kernel has
the adequate modules loaded. AES key size is either 128 or 256 bits, no
more.
But for example, if you use AES in XTS mode (with something like:
--cipher=aes-xts-plain )
then you may use 512-bit keys. I'm not aware of longer keys, but not an
expert of cryptsetup though.

Best,
Quentin
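
An added example, not part of the original message and not zuluCrypt's code: it generates a key file from the 94 printable characters mentioned in the thread and works out how much entropy such a file carries against the 256-bit and 512-bit key sizes discussed. It assumes every character is drawn uniformly and independently; the function names and the demo path are made up for illustration.

```python
import math
import os
import secrets
import string
import tempfile

# The 94 printable ASCII characters mentioned in the thread (space excluded).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
BITS_PER_CHAR = math.log2(len(ALPHABET))  # about 6.55 bits per byte, not 8


def entropy_bits(n_chars: int) -> float:
    """Entropy of n_chars drawn uniformly and independently from ALPHABET."""
    return n_chars * BITS_PER_CHAR


def min_chars_for(key_bits: int) -> int:
    """Smallest printable key file length carrying at least key_bits of entropy."""
    return math.ceil(key_bits / BITS_PER_CHAR)


def write_keyfile(path: str, n_chars: int) -> None:
    """Write n_chars random printable characters to a new owner-only file."""
    # secrets.choice draws from the OS CSPRNG without modulo bias.
    data = "".join(secrets.choice(ALPHABET) for _ in range(n_chars)).encode("ascii")
    # O_EXCL refuses to overwrite; mode 0o600 keeps the key private from creation.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


if __name__ == "__main__":
    for n in (32, 512):
        print(f"{n} printable chars: {entropy_bits(n):.0f} bits of entropy")
    for bits in (256, 512):
        print(f"{bits}-bit key needs >= {min_chars_for(bits)} printable chars")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo.key")  # constructed path for the demo
        write_keyfile(path, min_chars_for(256))
        print(os.path.getsize(path), "bytes written")
```

A 32-character printable key file therefore holds less than 256 bits of entropy, while 512 characters hold far more than either key size discussed.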

Thread overview: 10+ messages
2011-10-05 6:28 [dm-crypt] zuluCrypt v3.0 released .. ink ..
2011-10-05 15:07 ` Quentin Lefebvre
2011-10-05 15:39 ` Arno Wagner
2011-10-05 16:13 ` Milan Broz
2011-10-05 18:26 ` .. ink ..
2011-10-05 21:36 ` Arno Wagner
2011-10-05 18:18 ` .. ink ..
2011-10-06 1:27 ` .. ink ..
2011-10-06 8:36 ` Quentin Lefebvre [this message]
2011-10-06 14:27 ` Arno Wagner