5
2
I have a couple of dm-crypt/LUKS related questions.
Setting up dm-crypt/LUKS with these settings:
cryptsetup -c aes-xts-plain -h sha256 --key-size=256 -y luksFormat /dev/sda1
(1) Considering the key size specified is 256 bits, how many characters long should the passphrase be? And if for some reason the size may vary, why? And what is the recommended size?
When using a key file with these settings (or alternatively adding one to an available slot):
cryptsetup -c aes-xts-plain -h sha256 --key-size=256 luksFormat /dev/sda1 /path/to/key/file
(2) What size should the key file be? And again, if the size may vary, why, and what is recommended?
(3) What is the difference between --key-size=BITS and --keyfile-size=bytes?
I know one means "The size of the encryption key" and one "Limits the read from keyfile", but I don't understand the exact corelation between them.
(4) ...and between --keyfile-size=bytes and --new-keyfile-size=bytes?
I read the man page multiple times, and researched the Internet reading many different articles. These are just a couple of things that confuse me.
This possibly should be migrated to http://security.stackexchange.com/
– Zoredache – 2011-07-20T17:01:33.350