Re: different default key sizes for CREATE and LUKSFORMAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If the reason is historically only, it might be a kind of security issue
(low priority) because this behaviour could result in wrong expectations
of users on the system regarding the default key size. A user who learns
that the default key size (using "create") is 256 bit but uses
"luksFormat" (which uses 128 bit) instead, may be misleaded. Therefore
it may be better to harmonize both default values.

Stefan


Arno Wagner schrieb:
> "create" is plain dm-crypt, luskFormat is creation of
> a LUKS header. I suspect the reason is historical, as
> these are two different encryption systems.
> 
> Arno
> 
> 
> 
> On Tue, Nov 17, 2009 at 11:45:40PM +0100, Stefan Xenon wrote:
>> Hi!
>> In the man page for cryptsetup is written regarding the option --key-size :
>>
>> "Can be used for create or luksFormat,  all
>> other  LUKS  actions  will  ignore this flag, as the key-size is
>> specified by the partition header. Default is 128 for luksFormat
>> and 256 for create."
>>
>> I am wondering what is the reason for two different default key sizes?
>>
>> Thanks
>> Stefan
>>
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@xxxxxxxx
>> http://www.saout.de/mailman/listinfo/dm-crypt
>>
> 
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux