Re: Security issue ... please could someone help !!!

To: debian-user@lists.debian.org
Subject: Re: Security issue ... please could someone help !!!
From: Reco <recoverym4n@enotuniq.net>
Date: Sun, 5 Apr 2020 23:25:21 +0300
Message-id: <[🔎] E1jLBpa-0006Pa-5S@enotuniq.net>
In-reply-to: <[🔎] f5cc07c5-d99e-f052-9478-b15af4e634d8@unixindia.com>
References: <[🔎] f5cc07c5-d99e-f052-9478-b15af4e634d8@unixindia.com>

	Hi.

On Sun, Apr 05, 2020 at 09:03:00PM +0100, Bhasker C V wrote:
> I kept digging down and saw that anything below 32 bytes is not accepted
> (by cryptsetup --key-file option) but anything above 32 bytes is
> discarded.

cryptsetup(8), "-s" option.

> Does this mean that cryptsetup plain with --key-file uses
> only 32 bytes ?

Yes, assuming the defaults.

> Am I doing anything wrong ?

Probably no.

By default cryptsetup uses AES encryption algorithm with the key size of
256 bits. You're suppling your own key to cryptsetup, hence it chooses
just right amount of bits from it (32 bytes = 256 bits).

> If only 32 bytes are used, it is (in my opinion) not so much secure
> isnt it  ?

It's sufficiently secure, unless you try to do something really wrong
(like storing a plain key somewhere), or generate your key predictably.

Reco

Reply to:

References:
- Security issue ... please could someone help !!!
  - From: Bhasker C V <bhasker@unixindia.com>

Prev by Date: Re: x-www-browser doesn't change even after package delete, update-alternatives
Next by Date: Re: Debian Stretch broken !
Previous by thread: Security issue ... please could someone help !!!
Next by thread: State: stopped "Filter failed" on a Xerox Phaser 6125N. how do you troubleshoot a printer in Linux?
Index(es):
- Date
- Thread