Hi Felix, I assume we are talking LUKS here, plain mode is different. The longer length is both convenience and helps if you use low-entropy input. The keyfile does not actually hold a key (LUKS mode), but a passphrase. Passphrases get hashed, and once you have maximum entropy, you cannot get more. I would need to look up what length is actually used, but it does not depend on the lenght of the encryption key. That one is stored in the anti-forensic stripes, protected with the hash from that passphrase. So, to make this short, if you use LUKS with a keyfile, putting in more entropy than used is meaningless. If your random data is from /dev/random or (properly initialized) /dev/urandom, 64 bytes are more than enough. Also, the differences between an 8kB passphrase and a 64B one in execution time should not be noticeable at all. Unless you read it from floppy disk ;-) Regards, Arno On Wed, Jan 06, 2021 at 10:17:22 CET, Felix Rubio wrote: > Hi everybody, > > I have seen that keyfiles can be used in cryptsetup up to 8 kB, but > internally the master key is 512 bits at max. Is there any recommendation > / increased security by using a random sequence of 8 kB w.r.t., let's say, > one of just 64 bytes? > > I understand that using one of 8kB will require more time than one of 64 B > when unlocking the volume, but... is the former really that much more > secure than the latter? > > Regards! > Felix > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > https://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
