[dm-crypt] Master key question

Sven Eschenberg sven at whgl.uni-frankfurt.de
Fri Dec 21 02:10:04 CET 2012


David,

Please look at the man page more thoroughly, your questions are covered
there (current version of cryptsetup+manpage is assumed):
The masterkey gets generated if not supplied (stating the obvious here).
The entropy source depends on compile time preset, which can be overridden
(see OPTIONS/--use-random) on invocation.

With LUKS, key derivation is always applied to the passphrase (no matter
where it originates from, it's just that the input channel determines the
possible limitations that apply to the passphrase)

Please read the following Sections of the man page closely:
2.)NOTES ON PASSPHRASE PROCESSING FOR LUKS
1.)NOTES ON RANDOM NUMBER GENERATORS

And possibly OPTIONS/master-key-file

Regards

-Sven


On Thu, December 20, 2012 16:16, David Li wrote:
> Sven,
>
> I have several questions regarding the master key or key use in general
> that so far I haven't been able to find answers in FAQ or man pages.
>
> 1. If I don't supply a master key or key file explicitly at luksFormat,
> will it be automatically generated? On Linux, is it generated by
> /dev/random?
>
> 2. If I use only key files (no passwords or phrases), will PBKDF be
> bypassed internally? Will the key file bits be used directly to encrypt
> and decrypt the master key?
>
>
> David
>
>
>
> On Wed, Dec 19, 2012 at 11:03 PM, Sven Eschenberg <
> sven at whgl.uni-frankfurt.de> wrote:
>
>> No, the key supplied during luksFormat is the initial slot-0 key. The
>> masterkey is generated or can alternatively be supplied on the same
>> command line.
>>
>> This is covered in the man page (as well as the FAQ AFAIK).
>>
>> Quote from man page:
>> luksFormat <device> [<key file>]
>> Initializes a LUKS partition and  sets  the  initial  passphrase
>> (for  key-slot  0), either via prompting or via <key file>.
>>
>> Regards
>>
>> -Sven
>>
>> On Thu, December 20, 2012 05:47, David Li wrote:
>> > Is the master key the key used in luksFormat?
>> > _______________________________________________
>> > dm-crypt mailing list
>> > dm-crypt at saout.de
>> > http://www.saout.de/mailman/listinfo/dm-crypt
>> >
>
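
Added example, not part of the original thread and not cryptsetup's code: a simplified Python model of what the reply above describes, where the master key is random unless supplied, and any slot secret (passphrase or key file bytes) goes through PBKDF2 before it unwraps the master key. The XOR wrap stands in for the real cipher and anti-forensic splitter, and the hash, iteration count, key size and all function names are assumptions.

```python
import hashlib
import hmac
import os

KEY_BYTES = 32     # assumed master key size
ITERATIONS = 1000  # assumed; kept low so the model runs quickly


def kdf(secret, salt):
    # Applied to every slot secret, whether typed or read from a key file.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, KEY_BYTES)


def xor(a, b):
    # Stand-in for the real cipher + AF-splitter (NOT what cryptsetup does).
    return bytes(x ^ y for x, y in zip(a, b))


def add_key(header, master_key, secret):
    # A new slot wraps the same master key under a KDF-derived key.
    salt = os.urandom(32)
    wrapped = xor(master_key, kdf(secret, salt))
    header["slots"].append({"salt": salt, "wrapped": wrapped})


def luks_format(slot0_secret, master_key=None):
    # Master key is generated unless the caller supplies one.
    if master_key is None:
        master_key = os.urandom(KEY_BYTES)
    header = {"mk_salt": os.urandom(32), "slots": []}
    # Digest of the master key lets unlock() recognise a correct candidate.
    header["mk_digest"] = kdf(master_key, header["mk_salt"])
    add_key(header, master_key, slot0_secret)
    return header


def unlock(header, secret):
    # Try each slot; accept the candidate only if it matches the digest.
    for slot in header["slots"]:
        candidate = xor(slot["wrapped"], kdf(secret, slot["salt"]))
        check = kdf(candidate, header["mk_salt"])
        if hmac.compare_digest(check, header["mk_digest"]):
            return candidate
    return None


if __name__ == "__main__":
    keyfile = os.urandom(64)          # constructed key file contents
    hdr = luks_format(keyfile)
    mk = unlock(hdr, keyfile)
    add_key(hdr, mk, b"a passphrase")  # second slot, same master key
    print(unlock(hdr, b"a passphrase") == mk, unlock(hdr, b"wrong"))
```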
