From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from sonic316-55.consmr.mail.gq1.yahoo.com (sonic316-55.consmr.mail.gq1.yahoo.com [98.137.69.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 15 Jul 2020 22:49:45 +0200 (CEST) Date: Wed, 15 Jul 2020 20:49:09 +0000 (UTC) From: John Wiersba Reply-To: John Wiersba Message-ID: <269697254.1965946.1594846149229@mail.yahoo.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_1965945_422032307.1594846149227" References: <269697254.1965946.1594846149229.ref@mail.yahoo.com> Subject: [dm-crypt] Cryptsetup FAQ is confusing re: key-file length and newlines List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "dm-crypt@saout.de" ------=_Part_1965945_422032307.1594846149227 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable The FAQ as of today (2020/7/15) states Make sureno trailing newline (0x0a) is contained in the input key file, or = thepassphrase will not work because the whole file is used as input. But then a few lines later it suggests head -c 256 /dev/random > keyfile Obviously if /dev/random is used, it's possible that the keyfile will end w= ith a trailing newline. I think you're trying to distinguish between=20 =20 - A file which contains a human-readable passphrase which could also be = entered interactively, and =20 - A file which contains random bytes.=C2=A0 =20 In order for a passphrase to be entered interactively, the passphrase must = not end with a newline.=C2=A0 Therefore, when intending to use both a keyfi= le containing a passphrase and also enter that same passphrase interactivel= y, the keyfile should not contain a newline (anywhere), including a trailin= g newline.=C2=A0 If a keyfile does contain a newline (anywhere), the text o= f that keyfile will not be able to be entered interactively as a passphrase= . Additionally, I see lots of guidance on the length of a keyfile which uses = magic numbers, both on the internet and also in the FAQ.=C2=A0 Examples are= the value 256 above, and the parameters bs=3D512 count=3D8 for dd.=C2=A0 I= f I understand the FAQ correctly, the actual advice is Plain dm-crypt: Use > 80 bit.=C2=A0 ...=C2=A0 If paranoid, add at least 20 = bit. This implies (taking the worst case) that=20 head -c 13 /dev/random should be sufficient (13 * 8 bytes =3D 104 bits > 81+20 bits), and 256 byte= s is "overkill".=C2=A0 I do understand that some reasonable amount of overk= ill is essentially "free" and therefore can be used "just in case". Did I understand these two concepts correctly, and if so, could you clarify= the FAQ? Thanks!-- John Wiersba ------=_Part_1965945_422032307.1594846149227 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
The FAQ as of today (2020/7/15) states
Make sure no trailing newline (0x0a) is contained in the input key file, or the passphrase will not work because the whole file is used as input.
But then a few= lines later it suggests
head -c 256 /dev/random > keyfile
Obviously if /dev/random is used, it's possible that the keyfile will end = with a trailing newline.

I think you're trying to disting= uish between
  1. A file which contains a human-readable passphr= ase which could also be entered interactively, and
  2. A file whic= h contains random bytes. 
In order for a passphrase to b= e entered interactively, the passphrase must not end with a newline.  = Therefore, when intending to use both a keyfile containing a passphrase and= also enter that same passphrase interactively, the keyfile should not cont= ain a newline (anywhere), including a trailing newline.  If a keyfile = does contain a newline (anywhere), the text of that keyfile will not be abl= e to be entered interactively as a passphrase.

Additional= ly, I see lots of guidance on the length of a keyfile which uses magic numb= ers, both on the internet and also in the FAQ.  Examples are the value= 256 above, and the parameters bs=3D512 count=3D8 for dd.  If I unders= tand the FAQ correctly, the actual advice is
<= div dir=3D"ltr" data-setdir=3D"false">

Plain dm-crypt: Use > 80 bit.  ...  If paranoid, add at l= east 20 bit.

This implies (= taking the worst case) that
head -c 13 /dev/random
should be sufficient = (13 * 8 bytes =3D 104 bits > 81+20 bits), and 256 bytes is "overkill".&n= bsp; I do understand that some reasonable amount of overkill is essentially= "free" and therefore can be used "just in case".

Did= I understand these two concepts correctly, and if so, could you clarify th= e FAQ?

Thanks!
-- John Wiersba
------=_Part_1965945_422032307.1594846149227-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from v1.tansi.org (mail.tansi.org [84.19.178.47]) by mail.server123.net (Postfix) with ESMTP for ; Thu, 16 Jul 2020 17:09:00 +0200 (CEST) Received: from gatewagner.dyndns.org (81-6-44-245.init7.net [81.6.44.245]) by v1.tansi.org (Postfix) with ESMTPA id F14991400F2 for ; Thu, 16 Jul 2020 17:08:57 +0200 (CEST) Date: Thu, 16 Jul 2020 17:08:59 +0200 From: Arno Wagner Message-ID: <20200716150859.GA6794@tansi.org> References: <269697254.1965946.1594846149229.ref@mail.yahoo.com> <269697254.1965946.1594846149229@mail.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <269697254.1965946.1594846149229@mail.yahoo.com> Subject: Re: [dm-crypt] Cryptsetup FAQ is confusing re: key-file length and newlines List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi John, On Wed, Jul 15, 2020 at 22:49:09 CEST, John Wiersba wrote: > The FAQ as of today (2020/7/15) states > > Make sure no trailing newline (0x0a) is contained in the input key > file, or the passphrase will not work because the whole file is used as > input. > > But then a few lines later it suggests > > head -c 256 /dev/random > keyfile > > Obviously if /dev/random is used, it's possible that the keyfile will > end with a trailing newline. > I think you're trying to distinguish between > 1. A file which contains a human-readable passphrase which could also > be entered interactively, and > 2. A file which contains random bytes. You are overthinking this, I think. If you create the keyfile via a text-editor, make sure you have no trailing newling (unless you _want_ that traling newline to be part of the passphrase). Many UNIX editors add that trailing newline when saving a file automatically and then you have a character in there you do not see but which is part of the passphrase. This comment just simplifies debugging the problem. If you create a new random keyfile, whatever bytes are in there are fine. A random keyfile will contain (almost certainly ;-) a lot of characters you cannot enter interactively anyways, hence this does not have "interactive entry" as use-case. [...] > Additionally, I see lots of guidance on the length of a keyfile which > uses magic numbers, both on the internet and also in the FAQ. Examples > are the value 256 above, and the parameters bs=512 count=8 for dd. If > I understand the FAQ correctly, the actual advice is > > Plain dm-crypt: Use > 80 bit. ... If paranoid, add at least 20 bit. > > This implies (taking the worst case) that > > head -c 13 /dev/random > > should be sufficient (13 * 8 bytes = 104 bits > 81+20 bits), and 256 > bytes is "overkill". I do understand that some reasonable amount of > overkill is essentially "free" and therefore can be used "just in > case". Yes. When it costs you nothing, use more. When it costs you something, what you quoted gives you a generally reasonable trade-off. Regards, Arno > Did I understand these two concepts correctly, and if so, could you > clarify the FAQ? > Thanks! > -- John Wiersba > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > https://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier