Date: Mon, 25 Oct 2010 11:38:58 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-questions@freebsd.org
Subject: Re: geli keys
Message-ID: <20101025113858.66b5a3e7@gumby.homeunix.com>
In-Reply-To: <20101025030711.GA84564@admin.sibptus.tomsk.ru>
References: <20101024101457.GA72426@admin.sibptus.tomsk.ru> <20101024123238.34c4344a@gumby.homeunix.com> <20101025030711.GA84564@admin.sibptus.tomsk.ru>
On Mon, 25 Oct 2010 10:07:11 +0700
Victor Sudakov <sudakov@sibptus.tomsk.ru> wrote:

> RW wrote:
> >
> > > The geli(8) man page suggests initializing a geli provider with a
> > > random keyfile (geli init -K). It also asks for a passphrase by
> > > default.
> > >
> > > What happens if a provider is initialized without the -K option,
> > > just with a passphrase? Will there be no encryption? Will the
> > > encryption be weaker?
> >
> > You can use either or both; they get combined.
>
> I see.
>
> > It's hard to remember a passphrase that contains 256 bits of
> > entropy; OTOH a passfile might get stolen, so some people will want
> > to use both.
>
> Why does the geli(8) man page always use a 64 B long keyfile as an
> example? Why 64 bytes and not 128 or 1024 or whatever?

IIRC geli allows for up to 512-bit key sizes, although there are no
512-bit ciphers at the moment. Keyfiles with more than 512 bits of
entropy are no better. Actually a single read from /dev/random is
unlikely to contain much more than 256 bits of entropy anyway.

> What if I use a well-randomized keyfile and a weak passphrase, will
> the master key be weaker?

The keyfile and passphrase are used to encrypt the master key. As long
as a strong keyfile is secure, the passphrase strength is irrelevant,
but if an attacker has the file then the passphrase may be brute-forced.
Geli's use of PKCS #5 and salting provides some protection against this.
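To make the "they get combined" point above concrete, here is an added Python model (not geli's code, and not from this thread) of the scheme RW describes: a keyfile and a PBKDF2-stretched passphrase feed one HMAC-SHA512 to form the user key, which wraps an independent random master key. The wrap itself is a toy (one-time pad plus HMAC tag) standing in for geli's block cipher; the salt, keyfile, passphrase and master key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample inputs (not from any real provider).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 2000  # kept low so the example runs fast; real providers use far more
KEYFILE = hashlib.sha512(b"pretend this is 64 B read from /dev/random").digest()
OTHER_KEYFILE = hashlib.sha512(b"a different 64 B keyfile").digest()
WEAK_PASSPHRASE = b"secret"
MASTER_KEY = hashlib.sha256(b"constructed 256-bit master key").digest()

def derive_user_key(keyfile, passphrase, salt=SALT, iterations=ITERATIONS):
    """Combine a keyfile and/or passphrase into one 64-byte user key.
    Simplified model of geli's design: both feed a single HMAC-SHA512,
    and the passphrase is first stretched with PBKDF2 (PKCS #5 v2) over
    the provider salt, so every passphrase guess costs `iterations`
    HMAC rounds.  Either input may be None, but not both."""
    if keyfile is None and passphrase is None:
        raise ValueError("need a keyfile, a passphrase, or both")
    ctx = hmac.new(b"", digestmod=hashlib.sha512)
    if keyfile is not None:
        ctx.update(keyfile)
    if passphrase is not None:
        ctx.update(hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations, 64))
    return ctx.digest()

def wrap_master_key(master_key, user_key):
    """Toy wrap: one-time pad with half the user key plus an HMAC tag keyed
    with the other half (geli encrypts the master key with its cipher)."""
    pad, mac_key = user_key[:32], user_key[32:]
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    return wrapped + hmac.new(mac_key, wrapped, hashlib.sha256).digest()

def unwrap_master_key(blob, user_key):
    """Return the master key, or None when the user key is wrong."""
    pad, mac_key = user_key[:32], user_key[32:]
    wrapped, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(hmac.new(mac_key, wrapped, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, pad))

def unlocks(blob, keyfile, passphrase):
    """True when this keyfile/passphrase combination recovers the master key."""
    return unwrap_master_key(blob, derive_user_key(keyfile, passphrase)) == MASTER_KEY

if __name__ == "__main__":
    blob = wrap_master_key(MASTER_KEY, derive_user_key(KEYFILE, WEAK_PASSPHRASE))
    print("right keyfile + passphrase:", unlocks(blob, KEYFILE, WEAK_PASSPHRASE))
    print("passphrase without keyfile:", unlocks(blob, None, WEAK_PASSPHRASE))
    print("wrong keyfile + passphrase:", unlocks(blob, OTHER_KEYFILE, WEAK_PASSPHRASE))
```

Because the master key is random and independent of the user key, the same master key can be wrapped under a passphrase-only user key or a keyfile-plus-passphrase user key; changing either input re-wraps the master key without touching the encrypted data.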