On Thu, Sep 15, 2011 at 08:20:38AM +0200, Sven Eschenberg wrote: > Well, it would not make to much sense to have more entropy in your keyfile > than your MK is long. As such, as little as MK-bits of entropy in the > keyfile are sufficient. True, but keep in mind that you do not necessarily have 1 bit/bit of entropy in the input. In fact you basically never have that. So what you do is read more to create a safety margin. > On the other hand there are no contraints of > minimum key length, that's all up to the user, afaik. > > You should consider though increasing the iteration time, when the > passphrase is short. The shorter the phrase (the less entropy) the more > iterations in Key Stretching should be done, otherwise you could aswell > save the computational power wasted in the encryption. Unfortunately, passphrase length is only very weakly connected to entropy contents. This approach would tehrefore be dangerous. What you do is to always iterate like you have a low-entropy passphrase, no matter what the passphrase looks like. Example: "Researcher Builds Life-Like Cells Made of Metal" would typically be seen as having about 120 bits of entropy (2/char). However this is a slashdot headline ans has more realistically abouy 15 bits of entropy (my WAG) as a realistic measure... > On a sidenote: As far as I know cryptsetup will read no more than MK-Bits > from keyfiles, but Milan should be able to tell you for sure. This would > mean though, that a keyfile is expected to have good entropy. THe keyfile for a master key is the master key verbatim, i.e. no hasing, iteration, salting. A keyfile containing a passphrase is different and goes though the normal process. As such it can have arbtrary length. Ther is a aprameter to constrain maximum lenght read. This is useful when reading, e.g. from /dev/urandom and to cut off a lne end. > Best approach of course would be to determine the entropy of the > keyfile/passphrase, compare it to the requested keylength (and mode) and In practice this is infeasible, see example above. > then decide what to do: Reject, compensate by key stretching, Accept. You basically can only accept and hope the user knows what they do. Arno > Regards > > -Sven > > On Thu, September 15, 2011 02:41, .. ink .. wrote: > > just committed support for opening both mass storage devices and files > > using > > either a pass phrase or a key-file both in the command line and GUI. Both > > will be officially supported when i make a new release sometime before the > > wee is over. > > > > What feature(s) must the project gain to be mentioned in cryptsetup main > > page? > > Who must i contant to request the project be mentioned like > > "FreeOTFE<http://freeotfe.org/> > > "? > > > > Is there a limit of how small or big a key-file is supposed to be? what > > about passphrases? > > > > The project i am talking about is att: http://code.google.com/p/zulucrypt/ > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@xxxxxxxx > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
