Message-ID: <4FEC0DCA.9090604@gmail.com>
Date: Thu, 28 Jun 2012 09:54:50 +0200
From: Milan Broz
References: <20120628063449.GB1499@fancy-poultry.org>
Subject: Re: [dm-crypt] maximum keyfile size
To: dm-crypt@saout.de

On 06/28/2012 09:01 AM, .. ink .. wrote:

>> AFAIK this is a limit which is set at compile time, see "configure
>> --help". I assume it's not hardcoded.

yes, all these limits are configurable through configure switches.

> cryptsetup 1.4.3 and 1.5.o-rc1 seem to have a typo in ./configure
> --help in the key size options
>
> both read:
>
> --with-keyfile-size-maxkb
> default maximum keyfile size (in kilobytes) [8192]
> --with-passphrase-size-max
> default maximum keyfile size (in kilobytes) [512]
>
>
> the explanation for passphrase size is talking about keyfile, not
> passphrase. It also seems to suggest the max passphrase length is
> 512000 bytes (characters) while cryptsetup --help says it's 512
> characters.

Yes, copy&paste error, will fix it.

Passphrase is interactively entered string (from real terminal, not stdin),
keyfile is everything else.

You can overwrite keyfile limit with explicitly setting --keyfile-size.
(You cannot overwrite interactive password length though.)

Both limits apply even for library.

Milan