geli keys
RW
rwmaillists at googlemail.com
Mon Oct 25 10:39:04 UTC 2010
On Mon, 25 Oct 2010 10:07:11 +0700
Victor Sudakov <sudakov at sibptus.tomsk.ru> wrote:
> RW wrote:
> > >
> > > The geli(8) man page suggests initializing a geli provider with a
> > > random keyfile (geli init -K). It also asks for a passphrase by
> > > default.
> > >
> > > What happens if a provider is initialized without the -K option,
> > > just with a passphrase? Will there be no encryption? Encryption
> > > will be weaker?
> >
> > You can use either or both, they get combined.
>
> I see.
>
> > It's hard to remember a passphrase that contains 256 bits of
> > entropy, OTOH a passfile might get stolen, so some people will want
> > to use both.
>
> Why does the geli(8) man page always use a 64B long keyfile as an
> example? Why 64 bytes and not 128 or 1024 or whatever?
IIRC geli allows for up to 512 bit keysizes - although there are no
512 ciphers at the moment. Keyfiles with more than 512 bit of entropy
are no better. Actually a single write from /dev/random is unlikely to
contain much more than 256-bits of entropy anyway.
> What if I use a well randomized keyfile and a weak passphrase, will
> the master key be weaker?
The keyfile and passphrase are used to encrypt the masterkey.
As long as a strong keyfile is secure the passphrase strength is
irrelevant, but if an attacker has the file then the passphrase may be
bruteforced. Geli's use of PKCS #5 and salting provide some protection
against this.
More information about the freebsd-questions
mailing list