On Mon, 25 Oct 2010 10:07:11 +0700 Victor Sudakov <suda...@sibptus.tomsk.ru> wrote:
> RW wrote:
> >
> > > The geli(8) man page suggests initializing a geli provider with a
> > > random keyfile (geli init -K). It also asks for a passphrase by
> > > default.
> > >
> > > What happens if a provider is initialized without the -K option,
> > > just with a passphrase? Will there be no encryption? Encryption
> > > will be weaker?
> >
> > You can use either or both, they get combined.
>
> I see.
>
> > It's hard to remember a passphrase that contains 256 bits of
> > entropy, OTOH a passfile might get stolen, so some people will want
> > to use both.
>
> Why does the geli(8) man page always use a 64B long keyfile as an
> example? Why 64 bytes and not 128 or 1024 or whatever?

IIRC geli allows for up to 512-bit key sizes - although there are no 512-bit
ciphers at the moment. Keyfiles with more than 512 bits of entropy are no
better. Actually a single write from /dev/random is unlikely to contain much
more than 256 bits of entropy anyway.

> What if I use a well randomized keyfile and a weak passphrase, will
> the master key be weaker?

The keyfile and passphrase are used to encrypt the master key. As long as a
strong keyfile is secure the passphrase strength is irrelevant, but if an
attacker has the file then the passphrase may be brute-forced. Geli's use of
PKCS #5 and salting provides some protection against this.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
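The thread above makes three claims worth seeing in code: the keyfile and the passphrase are combined into one key that protects the master key, a keyfile longer than the hash output adds nothing, and salted PKCS #5 stretching raises the cost of guessing the passphrase once the keyfile is known. The following is an added illustration, not geli's own source or its on-disk metadata format; the salt, the iteration count, the HMAC label and the exact way the two inputs are mixed (PBKDF2-HMAC-SHA512 on the passphrase, then HMAC-SHA512 over keyfile bytes and the stretched passphrase) are assumptions made for this model.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Constructed parameters for this model (a real implementation stores a
# per-provider random salt and iteration count in its metadata).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 100_000
LABEL = b"model-user-key"  # assumed domain-separation label, not a geli constant


def derive_user_key(passphrase: Optional[bytes], keyfile: Optional[bytes],
                    salt: bytes = SALT, iterations: int = ITERATIONS) -> bytes:
    """Model of turning keyfile and/or passphrase into the key that wraps
    the master key. Either input may be absent; when both are present
    they are combined, so an attacker needs both to reproduce the key."""
    if not passphrase and not keyfile:
        raise ValueError("need a passphrase, a keyfile, or both")
    h = hmac.new(LABEL, digestmod=hashlib.sha512)
    if keyfile:
        # Keyfile bytes go straight in; the HMAC output is 64 bytes, which
        # is why a keyfile with more than 512 bits of entropy is no better.
        h.update(keyfile)
    if passphrase:
        # PKCS #5 v2 (PBKDF2) with a salt: each guess costs `iterations`
        # HMAC evaluations and precomputed tables do not transfer.
        stretched = hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations)
        h.update(stretched)
    return h.digest()


def keyfile_attacker_reproduces_key(passphrase: bytes, keyfile: bytes,
                                    attacker_has_keyfile: bool) -> bool:
    """Does an attacker who knows the passphrase (say, it was weak and
    guessed) recover the same wrapping key without the keyfile?"""
    real = derive_user_key(passphrase, keyfile)
    attempt = derive_user_key(passphrase, keyfile if attacker_has_keyfile else None)
    return hmac.compare_digest(real, attempt)


def seconds_per_guess(iterations: int = ITERATIONS) -> float:
    """Wall-clock cost of one passphrase guess under this model, which is
    the cost the stretching imposes on an attacker who already has the file."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha512", b"candidate", SALT, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    keyfile = os.urandom(64)          # 64 bytes, as in the geli(8) examples
    weak = b"password"
    k_both = derive_user_key(weak, keyfile)
    print("key length (bytes):", len(k_both))
    print("attacker with passphrase only gets the key:",
          keyfile_attacker_reproduces_key(weak, keyfile, attacker_has_keyfile=False))
    print("attacker with passphrase and keyfile gets the key:",
          keyfile_attacker_reproduces_key(weak, keyfile, attacker_has_keyfile=True))
    print("cost per passphrase guess: %.3f s" % seconds_per_guess())
```

Run it once and the output shows the two sides of the answer given in the thread: with the keyfile withheld, a known weak passphrase alone reproduces nothing, while with the keyfile in hand the only remaining defence is the per-guess cost of the salted PBKDF2 step, so the passphrase's strength matters exactly then. A 1024-byte keyfile gives the same 64-byte result as a 64-byte one, matching the point that entropy beyond the hash width is not used.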