0

Most of the online guides I found about using dm-crypt with a random keyfile use files bigger than 512 bits (64 bytes).

For example:

dd bs=512 count=4 if=/dev/urandom of=keyfile iflags=fullblock

As the biggest key a cipher can use is 512 bits (aes-xts-plain64 splits it into two 256 bits key for AES-256), is there any advantage to using more than that, given that /dev/urandom is considered cryptographically secure and that the spec limits the keyfile to 8 MiB?

The cryptsetup man page also mentions the --master-key-file option but I did not find it mentioned elsewhere.

Improve this question

1 Answer 1

Reset to default
1

Short answer: no

Long answer: For plain mode, the manual for cryptsetup states in the "Notes on Password Processing" section:

From a key file: It will be cropped to the size given by -s. If there is insufficient key material in the key file, cryptsetup will quit with an error.

So unlike passwords entered from the terminal or stdin, the keyfile is not hashed, only cropped, so you'll get no extra entropy out of a longer keyfile. cryptsetup will even warn you about this if you try to specify --hash plain in plain mode with a keyfile.

For LUKS mode, it will read the keyfile completely (up to --keyfile-size, defaults to 8192 KiB) and hash it, but you won't get more entropy with longer keyfiles as long as your source is good enough.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.