It may be useless but it doesn't cause any harm. And it may even be useful in the case of a compromised RNG. The main advantage I see is saving on the expensive iterated hashing, but then you could accomplish almost the same by just specifying a low iteration count/time. -- Roscoe On Fri, Aug 14, 2009 at 5:36 PM, Thomas Bächler<thomas@xxxxxxxxxxxxx> wrote: > The iterated hashing process used in LUKS' key slots is useful for > (potentially weak) passphrases. However, it is useless if the key slot is > locked with a cryptographically strong key file (like a file created from > /dev/random). > > Therefore I propose the addition of a "raw key slot" feature to LUKS, where > a key that has the exact length of the master key is simply XOR'ed to the > master key and saved in the key slot (after the usual striping of course). > > I don't see any obvious security implications with this feature. If there > are any, I'd be interested. Please consider this for a future LUKS > specification. > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
