[dm-crypt] request for zulucrypt to be mentioned in cryptsetup main page.

Arno Wagner arno at wagner.name
Thu Sep 15 11:00:00 CEST 2011


On Thu, Sep 15, 2011 at 08:20:38AM +0200, Sven Eschenberg wrote:
> Well, it would not make to much sense to have more entropy in your keyfile
> than your MK is long. As such, as little as MK-bits of entropy in the
> keyfile are sufficient. 

True, but keep in mind that you do not necessarily have 1 bit/bit
of entropy in the input. In fact you basically never have that.
So what you do is read more to create a safety margin.

> On the other hand there are no contraints of
> minimum key length, that's all up to the user, afaik.
> 
> You should consider though increasing the iteration time, when the
> passphrase is short. The shorter the phrase (the less entropy) the more
> iterations in Key Stretching should be done, otherwise you could aswell
> save the computational power wasted in the encryption.

Unfortunately, passphrase length is only very weakly connected to
entropy contents. This approach would tehrefore be dangerous.
What you do is to always iterate like you have a low-entropy
passphrase, no matter what the passphrase looks like.

Example:

"Researcher Builds Life-Like Cells Made of Metal"

would typically be seen as having about 120 bits of entropy
(2/char). However this is a slashdot headline ans has more
realistically abouy 15 bits of entropy (my WAG) as a realistic
measure...

> On a sidenote: As far as I know cryptsetup will read no more than MK-Bits
> from keyfiles, but Milan should be able to tell you for sure. This would
> mean though, that a keyfile is expected to have good entropy.

THe keyfile for a master key is the master key verbatim, i.e.
no hasing, iteration, salting. A keyfile containing a passphrase
is different and goes though the normal process. As such it
can have arbtrary length. Ther is a aprameter to constrain
maximum lenght read. This is useful when reading, e.g. from
/dev/urandom and to cut off a lne end.


> Best approach of course would be to determine the entropy of the
> keyfile/passphrase, compare it to the requested keylength (and mode) and

In practice this is infeasible, see example above.

> then decide what to do: Reject, compensate by key stretching, Accept.

You basically can only accept and hope the user knows what they do.

Arno

> Regards
> 
> -Sven
> 
> On Thu, September 15, 2011 02:41, .. ink .. wrote:
> > just committed support for opening both mass storage devices and files
> > using
> >  either a pass phrase or a key-file both in the command line and GUI. Both
> > will be officially supported when i make a new release sometime before the
> > wee is over.
> >
> > What feature(s) must the project gain to be mentioned in cryptsetup main
> > page?
> > Who must i contant to request the project be mentioned like
> > "FreeOTFE<http://freeotfe.org/>
> > "?
> >
> > Is there a limit of how small or big a key-file is supposed to be? what
> > about passphrases?
> >
> > The project i am talking about is att: http://code.google.com/p/zulucrypt/
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> 
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 


More information about the dm-crypt mailing list