Thank you for your answer Arno... and for confirming that I should
finally get rid of those double density floppy disks and reader :-P
Regards!
Felix
---
Felix Rubio
"Don't believe what you're told. Double check."
On 2021-01-06 11:47, Arno Wagner wrote:
Hi Felix,
I assume we are talking LUKS here, plain mode is different.
The longer length is both convenience and helps if you
use low-entropy input. The keyfile does not actually
hold a key (LUKS mode), but a passphrase. Passphrases
get hashed, and once you have maximum entropy, you
cannot get more. I would need to look up what length
is actually used, but it does not depend on the lenght
of the encryption key. That one is stored in the anti-forensic
stripes, protected with the hash from that passphrase.
So, to make this short, if you use LUKS with a keyfile,
putting in more entropy than used is meaningless.
If your random data is from /dev/random or (properly
initialized) /dev/urandom, 64 bytes are more than enough.
Also, the differences between an 8kB passphrase and a
64B one in execution time should not be noticeable at all.
Unless you read it from floppy disk ;-)
Regards,
Arno
On Wed, Jan 06, 2021 at 10:17:22 CET, Felix Rubio wrote:
Hi everybody,
I have seen that keyfiles can be used in cryptsetup up to 8 kB, but
internally the master key is 512 bits at max. Is there any
recommendation
/ increased security by using a random sequence of 8 kB w.r.t., let's
say,
one of just 64 bytes?
I understand that using one of 8kB will require more time than one of
64 B
when unlocking the volume, but... is the former really that much more
secure than the latter?
Regards!
Felix
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
