[dm-crypt] maximum keyfile size

Milan Broz gmazyland at gmail.com
Thu Jun 28 09:54:50 CEST 2012

On 06/28/2012 09:01 AM, .. ink .. wrote:
>> AFAIK this is a limit which is set at compile time, see "configure
>> --help". I assume it's not hardcoded.

yes, all these limit are configurable through configure switches.

> cryptsetup 1.4.3 and 1.5.o-rc1 seem to have a typo in ./configure
> --help in the key size options
> both read:
>   --with-keyfile-size-maxkb
>                           default maximum keyfile size (in kilobytes) [8192]
>   --with-passphrase-size-max
>                           default maximum keyfile size (in kilobytes) [512]
> the explanation for passphrase size is talking about keyfile, not
> passphrase. It also seem to suggest the max passphrase length is
> 512000 bytes( characters) while cryptsetup --help says its 512
> characters.

Yes, copy&paste error, will fix it.

Passphrase is interactively entered string
(from real terminal, not stdint), keyfile is everything else.

You can overwrite keyfile limit with explicitly setting --keyfile-size.
(You cannot overwrite interactive password length though.)

Both limits apply even for library.


More information about the dm-crypt mailing list