Re: geli keys
On Mon, 25 Oct 2010 10:07:11 +0700 Victor Sudakov suda...@sibptus.tomsk.ru wrote:

> RW wrote:
>
> > > The geli(8) man page suggests initializing a geli provider with a
> > > random keyfile (geli init -K). It also asks for a passphrase by
> > > default. What happens if a provider is initialized without the -K
> > > option, just with a passphrase? Will there be no encryption?
> > > Encryption will be weaker?
> >
> > You can use either or both, they get combined.
>
> I see.
>
> > It's hard to remember a passphrase that contains 256 bits of entropy,
> > OTOH a passfile might get stolen, so some people will want to use both.
>
> Why does the geli(8) man page always use a 64B long keyfile as an
> example? Why 64 bytes and not 128 or 1024 or whatever?

IIRC geli allows for up to 512 bit keysizes - although there are no 512 ciphers at the moment. Keyfiles with more than 512 bit of entropy are no better. Actually a single write from /dev/random is unlikely to contain much more than 256-bits of entropy anyway.

> What if I use a well randomized keyfile and a weak passphrase, will the
> master key be weaker?

The keyfile and passphrase are used to encrypt the masterkey. As long as a strong keyfile is secure the passphrase strength is irrelevant, but if an attacker has the file then the passphrase may be bruteforced. Geli's use of PKCS #5 and salting provide some protection against this.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: geli keys
On Sun, 24 Oct 2010 17:14:57 +0700 Victor Sudakov suda...@sibptus.tomsk.ru wrote:

> Colleagues,
>
> The geli(8) man page suggests initializing a geli provider with a random
> keyfile (geli init -K). It also asks for a passphrase by default. What
> happens if a provider is initialized without the -K option, just with a
> passphrase? Will there be no encryption? Encryption will be weaker?

You can use either or both, they get combined. It's hard to remember a passphrase that contains 256 bits of entropy, OTOH a passfile might get stolen, so some people will want to use both.
Re: geli keys
On Sun, Oct 24, 2010 at 05:14:57PM +0700, Victor Sudakov wrote:

> Colleagues,
>
> The geli(8) man page suggests initializing a geli provider with a random
> keyfile (geli init -K). It also asks for a passphrase by default. What
> happens if a provider is initialized without the -K option, just with a
> passphrase?

The passphrase is not used as the key directly. It is used to derive the key with PKCS #5 [see http://www.faqs.org/rfcs/rfc2898.html].

> Will there be no encryption?

No, there will be encryption.

> Encryption will be weaker?

I don't think so. But it depends on a lot of things. If you use a keyfile, it needs to be on an unencrypted (or previously decrypted) partition, and it needs to be referenced in /etc/rc.conf if you want to be able to mount that partition at boot. So the keyfile might be random but it may not be secret (unless you put it on a USB thumbdrive and mount that before mounting the encrypted fs).

Roland

-- 
R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
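The key handling that RW and Roland describe above (the passphrase is stretched with PKCS #5 / PBKDF2 and a salt, optionally combined with a keyfile, and the result protects the master key rather than encrypting data directly) as an added Python model. This is not geli's code and not its real key schedule: the iteration count, the HMAC mixing of the keyfile, and the toy XOR-plus-HMAC master-key wrap are assumptions made for illustration. It demonstrates the two claims in the thread: a keyfile's entropy beyond the hash size buys nothing, and a strong, secret keyfile makes passphrase guessing pointless while a stolen keyfile leaves only the salted, iterated passphrase to protect the master key.

```python
"""Simplified model of passphrase + keyfile -> user key -> wrapped master key.

Added illustration, not geli's implementation.  Assumptions: PBKDF2-HMAC-SHA512,
a fixed iteration count, HMAC mixing of the keyfile, and a toy wrap (keystream
XOR plus an HMAC tag) standing in for a real block-cipher wrap.
"""
import hashlib
import hmac
import os
from typing import Iterable, Optional, Tuple

ITERATIONS = 100_000  # assumed PBKDF2 iteration count for this example
KEY_LEN = 32          # 256-bit user key
TAG_LEN = 32          # HMAC-SHA256 tag on the wrapped master key


def derive_user_key(passphrase: bytes, keyfile: Optional[bytes], salt: bytes,
                    iterations: int = ITERATIONS) -> bytes:
    """Derive the key that wraps the master key.

    The passphrase is never the key itself: PBKDF2 stretches it with the salt
    so every guess costs `iterations` HMAC evaluations.  A keyfile, if given,
    enters as the HMAC key over the stretched passphrase, so its entropy
    protects the master key even when the passphrase is weak.  Entropy beyond
    the 512-bit HMAC output cannot be reflected, which is why a very long
    keyfile is no stronger than a 64-byte one.
    """
    stretched = hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations, KEY_LEN)
    if keyfile is None:
        return stretched
    return hmac.new(keyfile, stretched, hashlib.sha512).digest()[:KEY_LEN]


def wrap_master_key(master_key: bytes, user_key: bytes) -> bytes:
    """Toy wrap: XOR with a keystream derived from user_key, plus an HMAC tag."""
    if len(master_key) > 64:
        raise ValueError("toy wrap handles master keys of at most 64 bytes")
    stream = hashlib.sha512(b"wrap" + user_key).digest()[:len(master_key)]
    wrapped = bytes(a ^ b for a, b in zip(master_key, stream))
    tag = hmac.new(user_key, wrapped, hashlib.sha256).digest()
    return wrapped + tag


def unwrap_master_key(blob: bytes, user_key: bytes) -> Optional[bytes]:
    """Return the master key, or None if the user key does not verify the tag."""
    wrapped, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(user_key, wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    stream = hashlib.sha512(b"wrap" + user_key).digest()[:len(wrapped)]
    return bytes(a ^ b for a, b in zip(wrapped, stream))


def passphrase_guess_cost(blob: bytes, salt: bytes, keyfile: Optional[bytes],
                          candidates: Iterable[bytes],
                          iterations: int = ITERATIONS) -> Tuple[Optional[bytes], int]:
    """Measure what a dictionary of candidate passphrases buys an attacker.

    `keyfile` is what the attacker holds: the real file (stolen) or None (secret).
    Returns (matching passphrase or None, number of PBKDF2 runs spent).
    """
    tries = 0
    for guess in candidates:
        tries += 1
        if unwrap_master_key(blob, derive_user_key(guess, keyfile, salt, iterations)) is not None:
            return guess, tries
    return None, tries


if __name__ == "__main__":
    salt = os.urandom(16)
    keyfile = os.urandom(64)       # 64-byte random keyfile, as discussed in the thread
    master_key = os.urandom(32)
    blob = wrap_master_key(master_key, derive_user_key(b"hunter2", keyfile, salt))
    words = [b"password", b"letmein", b"hunter2"]   # constructed wordlist
    print("attacker holds keyfile:", passphrase_guess_cost(blob, salt, keyfile, words))
    print("attacker lacks keyfile:", passphrase_guess_cost(blob, salt, None, words))
```

Run as a script, the first line shows the weak passphrase falling to a three-word dictionary once the keyfile is in hand, while the second shows the same dictionary failing without it. The salt and iteration count only raise the per-guess cost; a secret keyfile removes the guessing avenue altogether, which is the point RW makes above about the passphrase strength being irrelevant as long as the keyfile stays secure.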
Re: geli keys
RW wrote:

> > The geli(8) man page suggests initializing a geli provider with a
> > random keyfile (geli init -K). It also asks for a passphrase by
> > default. What happens if a provider is initialized without the -K
> > option, just with a passphrase? Will there be no encryption?
> > Encryption will be weaker?
>
> You can use either or both, they get combined.

I see.

> It's hard to remember a passphrase that contains 256 bits of entropy,
> OTOH a passfile might get stolen, so some people will want to use both.

Why does the geli(8) man page always use a 64B long keyfile as an example? Why 64 bytes and not 128 or 1024 or whatever?

What if I use a well randomized keyfile and a weak passphrase, will the master key be weaker?

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru