Re: [dm-crypt] bits vs bytes - Michael Kjörling

public inbox for dm-crypt@saout.de
 help / color / mirror / Atom feed

From: "Michael Kjörling" <michael@kjorling.se>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] bits vs bytes
Date: Tue, 31 Mar 2020 07:06:00 +0000	[thread overview]
Message-ID: <17450c9e-dc0b-4990-aee6-811bbf6b937d@localhost> (raw)
In-Reply-To: <1807406216.1448262.1585603129820@mail.yahoo.com>

On 30 Mar 2020 21:18 +0000, from moreejt@yahoo.com (JT Morée):
> I'm trying to see how much space my 'key' is using up within the
> allocated space of the LUKS header and for import/export.  That's
> real meaning ;-)

If that is your goal, then you really should be asking about that. In
general, ask about what you want to know (while stating your ultimate
goal), not what you _think_ will tell you the answer to what you
_actually_ want to know. Asking about something other than what you
actually want to know is liable to get you the wrong answer (or at
least a useless one), and likely to waste peoples' time. That helps
noone.

Also, for LUKS, it's not as easy as just taking the cryptographic key
length, because the cryptographic key isn't stored directly, even
encrypted. Rather, the key is stretched on-disk (via the "AF" or
anti-forensic stripes), in part to make it easier to overwrite enough
key material to make recovery via an exhaustive search guided by the
remaining on-disk data impractical. That forces an attacker to either
attack the passphrase (via the iterated, salted hash) or the
randomly-selected bulk encryption key directly. If you choose a good
passphrase and/or set a high enough iteration count, both can be made
equally impractical.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se
 “Remember when, on the Internet, nobody cared that you were a dog?”

     prev parent reply	other threads:[~2020-03-31  7:11 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <566872408.1293730.1585598590645.ref@mail.yahoo.com>
2020-03-30 20:03 ` [dm-crypt] bits vs bytes JT Morée
2020-03-30 20:25   ` Michael Kjörling
2020-03-30 21:00     ` Arno Wagner
2020-03-30 21:18       ` JT Morée
     [not found]         ` <20200331014306.GA2009@tansi.org>
2020-03-31  5:35           ` JT Morée
2020-03-31  6:43             ` Arno Wagner
2020-03-31  6:55               ` Michael Kjörling
2020-03-31  9:32                 ` Arno Wagner
2020-03-31  7:06         ` Michael Kjörling [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=17450c9e-dc0b-4990-aee6-811bbf6b937d@localhost \
    --to=michael@kjorling.se \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox