Jari Ruusu wrote: > Interactively typed passwords have a limit of 127 bytes. That 127 byte limit > comes from getpass() limit. If password is read from file descriptor (losetup > "-p 0" option), then it is limited by mlock()able RAM size only. Interactively, 127 bytes - OK (don't want to use that one, I want to use the "-p 0" option). How do I find out the limit of mlock()able RAM sizes? If I could use a *very* long password, say 2048 - 8192 bytes. How is the password used to encrypt the data? Does performance go down when I use a long password compared to a short password? > > If it is possible to have *very* long passwords (random data), then it would > > be nice to have the possiblity to split up the single-key password to be > > used as the keys in the same way as the keys in the multi-key mode is used. > > For example: assume that you have a 2048 characters password. Split this > > password in 64 equal sizes and you will have 64 different passwords each > > with the length of 32 characters. Then, you should be able to use these > > passwords in multi-key mode (if the loop-AES is patched to be able to work > > with this setup, of course...). > > That would break backwards compatibility. Of course, you will need to use a new flag at the command line. > May I suggest that you put gpg encrypted key file in /etc/foo.gpg and use > that 2048 characters long passphrase to decrypt the key file. > > Or are you "no stinking gpg on my box" person? I have not used gpg before, maybe I will use it later on. However, I think it's bad to let loop-AES depend on gpg to make the security level higher that the security level you could get with a password (a *very* long password, as described above). I have been using mcrypt to encrypt a key file (which is my *very* long password). Then, I decrypt the key file before it is piped to the losetup command. Like this: # cat keyfile | mcrypt -d | losetup -p 0 -e aes256 /dev/loop1 /dev/sda1 # mount /dev/loop1 /mnt/vault NOTE! The command line options for mcrypt is not complete. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
