Re: [dm-crypt] length of keyfiles

From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] length of keyfiles
Date: Wed, 6 Jan 2021 15:06:57 +0100	[thread overview]
Message-ID: <20210106140657.GA14652@tansi.org> (raw)
In-Reply-To: <4eecfe4743d91d6cc565a276776d1020@kngnt.org>

I have not done an in-dept investigation on what openssl uses,
but some people claim that it probably uses /dev/random
as source. So basically the same if these claims are correct.

And yes, those DD floppies are a bit outdated now ;-)

Regards,
Arno

On Wed, Jan 06, 2021 at 12:17:30 CET, Felix Rubio wrote:
> Follow up question: right now I am generating the 4 kB keyfile using openssl
> rand 4096. Should the quality of the key, then, be the same if doing dd
> if=/dev/random bs=64 count=1?
> 
> Thank you!
> Felix
> 
> On 2021-01-06 12:08, Felix Rubio wrote:
> > Thank you for your answer Arno... and for confirming that I should
> > finally get rid of those double density floppy disks and reader :-P
> > 
> > Regards!
> > Felix
> > 
> > On 2021-01-06 11:47, Arno Wagner wrote:
> > > Hi Felix,
> > > 
> > > I assume we are talking LUKS here, plain mode is different.
> > > 
> > > The longer length is both convenience and helps if you
> > > use low-entropy input. The keyfile does not actually
> > > hold a key (LUKS mode), but a passphrase. Passphrases
> > > get hashed, and once you have maximum entropy, you
> > > cannot get more. I would need to look up what length
> > > is actually used, but it does not depend on the lenght
> > > of the encryption key. That one is stored in the anti-forensic
> > > stripes, protected with the hash from that passphrase.
> > > 
> > > So, to make this short, if you use LUKS with a keyfile,
> > > putting in more entropy than used is meaningless.
> > > If your random data is from /dev/random or (properly
> > > initialized) /dev/urandom, 64 bytes are more than enough.
> > > 
> > > Also, the differences between an 8kB passphrase and a
> > > 64B one in execution time should not be noticeable at all.
> > > Unless you read it from floppy disk ;-)
> > > 
> > > Regards,
> > > Arno
> > > 
> > > 
> > > On Wed, Jan 06, 2021 at 10:17:22 CET, Felix Rubio wrote:
> > > > Hi everybody,
> > > > 
> > > > I have seen that keyfiles can be used in cryptsetup up to 8 kB, but
> > > > internally the master key is 512 bits at max.  Is there any
> > > > recommendation
> > > > / increased security by using a random sequence of 8 kB w.r.t.,
> > > > let's say,
> > > > one of just 64 bytes?
> > > > 
> > > > I understand that using one of 8kB will require more time than
> > > > one of 64 B
> > > > when unlocking the volume, but...  is the former really that
> > > > much more
> > > > secure than the latter?
> > > > 
> > > > Regards!
> > > > Felix
> > > > _______________________________________________
> > > > dm-crypt mailing list
> > > > dm-crypt@saout.de
> > > > https://www.saout.de/mailman/listinfo/dm-crypt
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@saout.de
> > https://www.saout.de/mailman/listinfo/dm-crypt
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> https://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
https://www.saout.de/mailman/listinfo/dm-crypt