[dm-crypt] Key-Slot Checker Tool

Arno Wagner arno at wagner.name
Sun Sep 9 23:40:09 CEST 2012


On Sun, Sep 09, 2012 at 03:35:12PM +0200, Arno Wagner wrote:
> On Sun, Sep 09, 2012 at 10:27:44AM +0200, Milan Broz wrote:
[...]
> > (And the same random test perhaps should be in tests for large
> > enough blocks - see tests/differ.c, there is nice fixme :-)
> 
> Will have a look.

Question for that, is the "R" option one random thing 
replaced with another random thing? If so, I can fix
that test by XORing both and calculating entropy on the 
result.

Will still require -lm for the log() though.

And an update on the 0.85 threshold: I have checked 10 Million
random 512B blocks and the sample entroy never went below 0.92.
For larger blocks the probability will be even lower. I think 
0.85 is quite adequate as threshold.

However, the test in differ.c will probably need to go
back to a count of differing bits for blocks significantly
smaller than 512B or use a lower threshold. Is it used for 
small blocks, e.g. keys?

Arno


> > I am just not sure introducing floating point in libcryptsetup
> > is good idea. 
> 
> While this can be done without, it is really hard. Basically
> you eiher need to simulate the logarithm in fixed-point integer
> or build up huffman tree as direct entropy estimator. Easiest way
> would probably be fixed-point and a 1000-entry table for the
> log().
> 
> > But perhaps this can be compile time option,
> > if some ancient/embedded CPU/distro has problems here,
> > so it can be compiled-out.
> 
> I like that idea much better.
> 
> So, next step, make it use luks.h and put it in misc/ ? 
> 
> Arno
> -- 
> Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
> GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
> ----
> One of the painful things about our time is that those who feel certainty 
> are stupid, and those with any imagination and understanding are filled 
> with doubt and indecision. -- Bertrand Russell 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


More information about the dm-crypt mailing list