From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5550C433DB for ; Wed, 6 Jan 2021 14:07:51 +0000 (UTC) Received: from mail.server123.net (mail.server123.net [78.46.64.186]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 366B622CA2 for ; Wed, 6 Jan 2021 14:07:49 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 366B622CA2 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=wagner.name Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=dm-crypt-bounces@saout.de X-Virus-Scanned: amavisd-new at saout.de Received-SPF: None (mailfrom) identity=mailfrom; client-ip=84.19.178.47; helo=v1.tansi.org; envelope-from=arno@wagner.name; receiver= Received: from v1.tansi.org (mail.tansi.org [84.19.178.47]) by mail.server123.net (Postfix) with ESMTP for ; Wed, 6 Jan 2021 15:06:58 +0100 (CET) Received: from gatewagner.dyndns.org (81-6-44-245.init7.net [81.6.44.245]) by v1.tansi.org (Postfix) with ESMTPA id 3F00114004F for ; Wed, 6 Jan 2021 15:06:58 +0100 (CET) Received: by gatewagner.dyndns.org (Postfix, from userid 1000) id A9C2717A458; Wed, 6 Jan 2021 15:06:57 +0100 (CET) Date: Wed, 6 Jan 2021 15:06:57 +0100 From: Arno Wagner To: dm-crypt@saout.de Message-ID: <20210106140657.GA14652@tansi.org> Mail-Followup-To: dm-crypt@saout.de References: <20210106104746.GA3386@tansi.org> <3674619b2202e99b31fac7043e6edba5@kngnt.org> <4eecfe4743d91d6cc565a276776d1020@kngnt.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <4eecfe4743d91d6cc565a276776d1020@kngnt.org> User-Agent: Mutt/1.10.1 (2018-07-13) Subject: Re: [dm-crypt] length of keyfiles X-BeenThere: dm-crypt@saout.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: dm-crypt-bounces@saout.de Sender: "dm-crypt" I have not done an in-dept investigation on what openssl uses, but some people claim that it probably uses /dev/random as source. So basically the same if these claims are correct. And yes, those DD floppies are a bit outdated now ;-) Regards, Arno On Wed, Jan 06, 2021 at 12:17:30 CET, Felix Rubio wrote: > Follow up question: right now I am generating the 4 kB keyfile using openssl > rand 4096. Should the quality of the key, then, be the same if doing dd > if=/dev/random bs=64 count=1? > > Thank you! > Felix > > On 2021-01-06 12:08, Felix Rubio wrote: > > Thank you for your answer Arno... and for confirming that I should > > finally get rid of those double density floppy disks and reader :-P > > > > Regards! > > Felix > > > > On 2021-01-06 11:47, Arno Wagner wrote: > > > Hi Felix, > > > > > > I assume we are talking LUKS here, plain mode is different. > > > > > > The longer length is both convenience and helps if you > > > use low-entropy input. The keyfile does not actually > > > hold a key (LUKS mode), but a passphrase. Passphrases > > > get hashed, and once you have maximum entropy, you > > > cannot get more. I would need to look up what length > > > is actually used, but it does not depend on the lenght > > > of the encryption key. That one is stored in the anti-forensic > > > stripes, protected with the hash from that passphrase. > > > > > > So, to make this short, if you use LUKS with a keyfile, > > > putting in more entropy than used is meaningless. > > > If your random data is from /dev/random or (properly > > > initialized) /dev/urandom, 64 bytes are more than enough. > > > > > > Also, the differences between an 8kB passphrase and a > > > 64B one in execution time should not be noticeable at all. > > > Unless you read it from floppy disk ;-) > > > > > > Regards, > > > Arno > > > > > > > > > On Wed, Jan 06, 2021 at 10:17:22 CET, Felix Rubio wrote: > > > > Hi everybody, > > > > > > > > I have seen that keyfiles can be used in cryptsetup up to 8 kB, but > > > > internally the master key is 512 bits at max. Is there any > > > > recommendation > > > > / increased security by using a random sequence of 8 kB w.r.t., > > > > let's say, > > > > one of just 64 bytes? > > > > > > > > I understand that using one of 8kB will require more time than > > > > one of 64 B > > > > when unlocking the volume, but... is the former really that > > > > much more > > > > secure than the latter? > > > > > > > > Regards! > > > > Felix > > > > _______________________________________________ > > > > dm-crypt mailing list > > > > dm-crypt@saout.de > > > > https://www.saout.de/mailman/listinfo/dm-crypt > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > https://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > https://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@saout.de https://www.saout.de/mailman/listinfo/dm-crypt