[dm-crypt] zuluCrypt v3.0 released.
arno at wagner.name
Wed Oct 5 17:39:33 CEST 2011
On Wed, Oct 05, 2011 at 05:07:34PM +0200, Quentin Lefebvre wrote:
> This looks like a very nice project.
> On 05/10/2011 08:28, .. ink .. wrote :
> > project page: http://code.google.com/p/zulucrypt/
> > screenshots of the new release:
> > https://picasaweb.google.com/109794855728648275729/ZuluCryptV30?authuser=0&feat=directlink
> > video showing features of the new release:
> > https://docs.google.com/leaf?id=0B8juRKTjN4Q9Njk0MTY4OWQtODcyMi00MGY2LTg5ODktOTg2MGYyNGRiNzI1&hl=en_US
> > This release put cryptsetup/zuluCrypt at the same level as truecrypt feature
> > wise when used from the GUI.
> > It can now (from the GUI)
> > 1. Create key files( 512 bytes in size composed of only the 94 printable
> > characters).
> 512 bits rather than bytes ?
> > 2. Create volumes both in files and partitions.
> > 3. Create both plain type and luks types volumes.
> > 4. Add keys to luks type volumes.
> > 5 . Delete keys from luks type volumes.
> > 6. Close a bunch of bugs.
> > All volume management can be done through either passphrases or key files.
> > The core functionality is now in place and next version(version 4) will be
> > for GUI user configuration options of things like font type, font size, use
> > of tray icon and maintaining a list of favorite volumes.
> I just took a look at the screenshots and I'm a bit surprised about the
> fact keys are generated from /dev/urandom. Even for 512 bits, that is 64
> bytes, wouldn't it be better to read key files from /dev/random ? Unless
> there is a setting allowing the user to explicitly choose the source ?
We had this discussion here several times for the
LUKS master key.
The potential problem we identified with /dev/random was
entropy starvation. In an interactive application, this
should not be a problem, just tell the user to move
the mouse a bit. It still can take a few secons to
generate even 64 random bytes when the pool was just emptied.
Generally, /dev/urandom is enough even for key-grade
material. But making it configurable (as it is for
cryptsetup) would be definitely a good idea. And then
having cryptsetup use the same when creating a LUKS
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt