FYI the command head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \ | gpg --symmetric -a >/a/usbstick/keyfile.gpg produces a key that will work with AES128, 192, 256 or other cipher you use it with; it is independent of the cipher. Because of the "head" and "tail" commands being used, you could type head -c 10000000 ... and still end up with a key of the same size. I tried this once and any value equal to or over 2925 will not change the size of the key, because head and tail concatenate the output. When I setup loop-aes I used a patched version of gpg (the patch that came with loop-aes) as well as the --cipher-algo=AES256 option on gpg as gpg defaults to CAST5 as the cipher. David Marvin Lyndon wrote: > Well, I decided to just go ahead and use AES128. Concluded that, as with > all computing stuff, it is too easy to get carried away by the "let's go > for the largest number" mentality whenever confronted with a choice and > don't really know any of the details. : ) > > With that out of the way, and just out of curiosity, could anyone clear > up the decision of having 2925 bytes? I can tell that divided by 65 it > means that each key will be 45 bytes long; but what is the rationale > here? My understanding of these issues is very dim, but how does this > number of 45 bytes relate with the use of AES128? Similarly, why would > someone using AES256 pick 90-byte keys? > > Thanks for educating me, > > Marv > > >> From: Bradley Worley <geekysuavo@xxxxxxxxx> >> To: Marvin Lyndon <marvin.lyndon@xxxxxxxxxxx> >> CC: linux-crypto@xxxxxxxxxxxx >> Subject: Re: different instructions for use with aes256? >> Date: Tue, 25 Oct 2005 15:37:49 -0500 >> >> that code seems to work just fine, since almost all examples on the >> net use either 2925 bytes from /dev/random or 2880 bytes. however, i >> guess if you really want to be picky you can up it to 5850 bytes >> (double 2925), since you are technically doubling your key sizes. >> (it's a wild guess, really.) >> >> ~ brad. >> >> On 10/25/05, Marvin Lyndon <marvin.lyndon@xxxxxxxxxxx> wrote: >> > Hi all, >> > >> > I have successfully followed all the steps in the loop-AES readme file. >> > Since I couldn't find any reference to this, I would like to know >> whether >> > the step in which one creates the 65 random keys >> > >> > head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \ >> > | gpg --symmetric -a >/a/usbstick/keyfile.gpg >> > >> > needs any modification for use in AES256 mode. Or is it enough to >> replace >> > all occurrences of AES128 with AES256 as one follows the README file? >> > >> > Thanks for any help >> > >> > Marv >> > >> > _________________________________________________________________ >> > FREE pop-up blocking with the new MSN Toolbar – get it now! >> > http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ >> > >> > >> > - >> > Linux-crypto: cryptography in and on the Linux system >> > Archive: http://mail.nl.linux.org/linux-crypto/ >> > >> > > > > _________________________________________________________________ > Don’t just search. Find. Check out the new MSN Search! > http://search.msn.click-url.com/go/onm00200636ave/direct/01/ > > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > > - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
