Well, it would not make to much sense to have more entropy in your keyfile than your MK is long. As such, as little as MK-bits of entropy in the keyfile are sufficient. On the other hand there are no contraints of minimum key length, that's all up to the user, afaik. You should consider though increasing the iteration time, when the passphrase is short. The shorter the phrase (the less entropy) the more iterations in Key Stretching should be done, otherwise you could aswell save the computational power wasted in the encryption. On a sidenote: As far as I know cryptsetup will read no more than MK-Bits from keyfiles, but Milan should be able to tell you for sure. This would mean though, that a keyfile is expected to have good entropy. Best approach of course would be to determine the entropy of the keyfile/passphrase, compare it to the requested keylength (and mode) and then decide what to do: Reject, compensate by key stretching, Accept. Regards -Sven On Thu, September 15, 2011 02:41, .. ink .. wrote: > just committed support for opening both mass storage devices and files > using > either a pass phrase or a key-file both in the command line and GUI. Both > will be officially supported when i make a new release sometime before the > wee is over. > > What feature(s) must the project gain to be mentioned in cryptsetup main > page? > Who must i contant to request the project be mentioned like > "FreeOTFE<http://freeotfe.org/> > "? > > Is there a limit of how small or big a key-file is supposed to be? what > about passphrases? > > The project i am talking about is att: http://code.google.com/p/zulucrypt/ > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
