Anon wrote: > Hello all, > > This question is for Jari. > > In the loop-AES.README file, in section 7.2. Example 2 is the following instruction that makes a > uuencoded key file that gets piped through gpg (on the second line of this command): > head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 > > This key file has 45 bytes of uuencoded random data per line. How does loop-AES use the data on > each line?: > 1) does loop-AES use the data as read from the key file, thereby limiting AES disk keys to only > printable characters instead of the full possible values from 0 to 255 per byte, or > 2) does loop-AES uudecode the data thereby using the original, raw randomly generated data, or > 3) some other way (please describe) 3) The "keys" are not used directly. In normal setups they are hashed into a binary-value as needed for the used cipher before use. e.g. 128bits for AES128. As you correctly say below the "entropy" of the 45*8=360 bits isn't reduced by representing them as base64-coded data. The hashed-value is different because of the "fill"-bits, but the strength of the algorithm stays the same. > I ask because I would like to know if the range of possible values per AES disk key is > artificially reduced by the uuencoding process, and the possibility of introducing a weakness into > the encryption system through the patterned process of uuencoding. > > Also, if loop-AES uses method number 2 above, then each line contains 360 bits of random data. > So, does loop-AES discard the "excess" bits it does not use? For example, if 256 bit AES is used, > does loop-AES discard 104 bits of data from each line of the key file? > > Could loop-AES use a key file that contains binary or hex data instead of the uuencoded data? -- Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
