[dm-crypt] Cryptsetup FAQ is confusing re: key-file length and newlines

public inbox for dm-crypt@saout.de
 help / color / mirror / Atom feed

* [dm-crypt] Cryptsetup FAQ is confusing re: key-file length and newlines
       [not found] <269697254.1965946.1594846149229.ref@mail.yahoo.com>
@ 2020-07-15 20:49 ` John Wiersba
  2020-07-16 15:08   ` Arno Wagner
  0 siblings, 1 reply; 2+ messages in thread
From: John Wiersba @ 2020-07-15 20:49 UTC (permalink / raw)
  To: dm-crypt@saout.de

[-- Attachment #1: Type: text/plain, Size: 1777 bytes --]

The FAQ as of today (2020/7/15) states

Make sureno trailing newline (0x0a) is contained in the input key file, or thepassphrase will not work because the whole file is used as input.

But then a few lines later it suggests

head -c 256 /dev/random > keyfile

Obviously if /dev/random is used, it's possible that the keyfile will end with a trailing newline.
I think you're trying to distinguish between 

   - A file which contains a human-readable passphrase which could also be entered interactively, and    

   - A file which contains random bytes.     

In order for a passphrase to be entered interactively, the passphrase must not end with a newline.  Therefore, when intending to use both a keyfile containing a passphrase and also enter that same passphrase interactively, the keyfile should not contain a newline (anywhere), including a trailing newline.  If a keyfile does contain a newline (anywhere), the text of that keyfile will not be able to be entered interactively as a passphrase.
Additionally, I see lots of guidance on the length of a keyfile which uses magic numbers, both on the internet and also in the FAQ.  Examples are the value 256 above, and the parameters bs=512 count=8 for dd.  If I understand the FAQ correctly, the actual advice is

Plain dm-crypt: Use > 80 bit.  ...  If paranoid, add at least 20 bit.

This implies (taking the worst case) that 

head -c 13 /dev/random

should be sufficient (13 * 8 bytes = 104 bits > 81+20 bits), and 256 bytes is "overkill".  I do understand that some reasonable amount of overkill is essentially "free" and therefore can be used "just in case".

Did I understand these two concepts correctly, and if so, could you clarify the FAQ?
Thanks!-- John Wiersba

[-- Attachment #2: Type: text/html, Size: 3087 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [dm-crypt] Cryptsetup FAQ is confusing re: key-file length and newlines
  2020-07-15 20:49 ` [dm-crypt] Cryptsetup FAQ is confusing re: key-file length and newlines John Wiersba
@ 2020-07-16 15:08   ` Arno Wagner
  0 siblings, 0 replies; 2+ messages in thread
From: Arno Wagner @ 2020-07-16 15:08 UTC (permalink / raw)
  To: dm-crypt

Hi John,

On Wed, Jul 15, 2020 at 22:49:09 CEST, John Wiersba wrote:
>    The FAQ as of today (2020/7/15) states
> 
>    Make sure no trailing newline (0x0a) is contained in the input key
>    file, or the passphrase will not work because the whole file is used as
>    input.
> 
>    But then a few lines later it suggests
> 
>    head -c 256 /dev/random > keyfile
> 
>    Obviously if /dev/random is used, it's possible that the keyfile will
>    end with a trailing newline.
>    I think you're trying to distinguish between
>     1. A file which contains a human-readable passphrase which could also
>        be entered interactively, and
>     2. A file which contains random bytes.

You are overthinking this, I think.

If you create the keyfile via a text-editor, make sure you have no 
trailing newling (unless you _want_ that traling newline to be part 
of the passphrase). Many UNIX editors add that trailing newline
when saving a file automatically and then you have a character in 
there you do not see but which is part of the passphrase.
This comment just simplifies debugging the problem.

If you create a new random keyfile, whatever bytes are in
there are fine. A random keyfile will contain (almost certainly ;-)
a lot of characters you cannot enter interactively anyways,
hence this does not have "interactive entry" as use-case.

[...] 

>    Additionally, I see lots of guidance on the length of a keyfile which
>    uses magic numbers, both on the internet and also in the FAQ.  Examples
>    are the value 256 above, and the parameters bs=512 count=8 for dd.  If
>    I understand the FAQ correctly, the actual advice is
> 
>    Plain dm-crypt: Use > 80 bit.  ...  If paranoid, add at least 20 bit.
> 
>    This implies (taking the worst case) that
> 
>    head -c 13 /dev/random
> 
>    should be sufficient (13 * 8 bytes = 104 bits > 81+20 bits), and 256
>    bytes is "overkill".  I do understand that some reasonable amount of
>    overkill is essentially "free" and therefore can be used "just in
>    case".

Yes. When it costs you nothing, use more. When it costs you something,
what you quoted gives you a generally reasonable trade-off.
Regards,
Arno


>    Did I understand these two concepts correctly, and if so, could you
>    clarify the FAQ?
>    Thanks!
>    -- John Wiersba



> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> https://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-07-16 15:09 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <269697254.1965946.1594846149229.ref@mail.yahoo.com>
2020-07-15 20:49 ` [dm-crypt] Cryptsetup FAQ is confusing re: key-file length and newlines John Wiersba
2020-07-16 15:08   ` Arno Wagner

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox