[dm-crypt] request for zulucrypt to be mentioned in cryptsetup main page.

Sven Eschenberg sven at whgl.uni-frankfurt.de
Thu Sep 15 08:20:38 CEST 2011


Well, it would not make to much sense to have more entropy in your keyfile
than your MK is long. As such, as little as MK-bits of entropy in the
keyfile are sufficient. On the other hand there are no contraints of
minimum key length, that's all up to the user, afaik.

You should consider though increasing the iteration time, when the
passphrase is short. The shorter the phrase (the less entropy) the more
iterations in Key Stretching should be done, otherwise you could aswell
save the computational power wasted in the encryption.

On a sidenote: As far as I know cryptsetup will read no more than MK-Bits
from keyfiles, but Milan should be able to tell you for sure. This would
mean though, that a keyfile is expected to have good entropy.

Best approach of course would be to determine the entropy of the
keyfile/passphrase, compare it to the requested keylength (and mode) and
then decide what to do: Reject, compensate by key stretching, Accept.

Regards

-Sven

On Thu, September 15, 2011 02:41, .. ink .. wrote:
> just committed support for opening both mass storage devices and files
> using
>  either a pass phrase or a key-file both in the command line and GUI. Both
> will be officially supported when i make a new release sometime before the
> wee is over.
>
> What feature(s) must the project gain to be mentioned in cryptsetup main
> page?
> Who must i contant to request the project be mentioned like
> "FreeOTFE<http://freeotfe.org/>
> "?
>
> Is there a limit of how small or big a key-file is supposed to be? what
> about passphrases?
>
> The project i am talking about is att: http://code.google.com/p/zulucrypt/
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>




More information about the dm-crypt mailing list