The iterated hashing process used in LUKS' key slots is useful for
(potentially weak) passphrases. However, it is useless if the key slot
is locked with a cryptographically strong key file (like a file created
from /dev/random).

Therefore I propose the addition of a "raw key slot" feature to LUKS,
where a key that has the exact length of the master key is simply XOR'ed
with the master key and saved in the key slot (after the usual striping,
of course).

I don't see any obvious security implications with this feature. If
there are any, I'd be interested. Please consider this for a future LUKS
specification.
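
The proposal above, sketched as an added example; it is not part of the original message and is not cryptsetup code. The function names, the 32-byte key size and the iteration count are assumptions, the striping (anti-forensic splitter) step is left out, and the last check shows one property a reviewer would want to weigh: the same key file used in raw slots of two volumes relates their master keys.

```python
import hashlib
import hmac
import secrets

MK_LEN = 32  # constructed example: 256-bit master key


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; refuse mismatched lengths."""
    if len(a) != len(b):
        raise ValueError("raw key must be exactly as long as the master key")
    return bytes(x ^ y for x, y in zip(a, b))


def mk_digest(master_key: bytes, salt: bytes, iterations: int = 1000) -> bytes:
    """Master-key checksum kept in the header (LUKS1 derives mk-digest with PBKDF2).
    The iteration count here is a constructed value."""
    return hashlib.pbkdf2_hmac("sha1", master_key, salt, iterations, 20)


def raw_slot_seal(master_key: bytes, raw_key: bytes) -> bytes:
    """Hypothetical raw slot: slot material = master key XOR raw key, no PBKDF2."""
    return xor_bytes(master_key, raw_key)


def raw_slot_open(slot: bytes, raw_key: bytes, salt: bytes, digest: bytes):
    """Recover a candidate master key; accept it only if the digest matches."""
    candidate = xor_bytes(slot, raw_key)
    if hmac.compare_digest(mk_digest(candidate, salt), digest):
        return candidate
    return None


def demo() -> dict:
    salt = secrets.token_bytes(32)
    mk_a, mk_b = secrets.token_bytes(MK_LEN), secrets.token_bytes(MK_LEN)
    key_file = secrets.token_bytes(MK_LEN)       # stands in for /dev/random output
    wrong = bytes([key_file[0] ^ 1]) + key_file[1:]  # one flipped bit
    slot_a = raw_slot_seal(mk_a, key_file)
    slot_b = raw_slot_seal(mk_b, key_file)       # same key file, second volume
    digest_a = mk_digest(mk_a, salt)
    return {
        "unlocks": raw_slot_open(slot_a, key_file, salt, digest_a) == mk_a,
        "wrong_key_rejected": raw_slot_open(slot_a, wrong, salt, digest_a) is None,
        # With one key reused, the two slots XOR to mk_a XOR mk_b.
        "reuse_links_master_keys": xor_bytes(slot_a, slot_b) == xor_bytes(mk_a, mk_b),
    }


if __name__ == "__main__":
    print(demo())
```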