Difference between revisions of "User:Nonix"

From ArchWiki
Jump to: navigation, search
(Blank page, meant to edit Talk page ;-))
(create #cryptsetup)
Line 1: Line 1:
 +
== cryptsetup ==
 +
=== luksFormat / luksAddKey Options ===
  
 +
# cryptsetup -c aes-xts-plain -s <key size> -h sha512 -i 5000 luksFormat <device> --use-random
 +
 +
{| class="wikitable" style="margin:0 5em 1.5em 5em;"
 +
! scope="col" style="text-align:left" | available&nbsp;options
 +
! scope="col" style="text-align:left" | default
 +
! scope="col" style="text-align:left" | example
 +
! scope="col" style="text-align:left" | comment
 +
|-
 +
! scope="row" style="text-align:right" | --cipher, -c
 +
| aes-cbc-essiv:sha256
 +
| aes-xts-plain
 +
| ''approved by the NSA for protecting "SECRET" and "TOP SECRET" classified US-government information (when used with a key size of 192 or 256 bits)''
 +
|-
 +
! scope="row" style="text-align:right" | --key-size, -s
 +
| 256
 +
| 512
 +
| ''one of the first patent-free secure ciphers that became publicly available, hence very well established on Linux''
 +
|-
 +
! scope="row" style="text-align:right" | --hash, -h
 +
| sha1
 +
| sha512
 +
| ''one of the first patent-free secure ciphers that became publicly available, hence very well established on Linux''
 +
|-
 +
! scope="row" style="text-align:right" | --iter-time, -i
 +
| 1000
 +
| 5000
 +
| ''one of the first patent-free secure ciphers that became publicly available, hence very well established on Linux''
 +
|-
 +
! scope="row" style="text-align:right" | --use-random
 +
| --use-urandom
 +
| --use-random
 +
| ''one of the first patent-free secure ciphers that became publicly available, hence very well established on Linux''
 +
|-
 +
! scope="row" style="text-align:right" | --verify-passphrase, -y
 +
| for luksFormat and luksAddKey
 +
| no need to type
 +
| ''one of the first patent-free secure ciphers that became publicly available, hence very well established on Linux''
 +
|}
 +
 +
==== Man page content ====
 +
--cipher, -c <cipher-spec>
 +
Set the cipher specification string.
 +
cryptsetup --help shows the compiled-in defaults.  The current default in the distributed sources is "aes-cbc-essiv:sha256" for both plain dm-crypt and LUKS.
 +
For XTS mode (a possible future default), use "aes-xts-plain" or better "aes-xts-plain64" as cipher specification and optionally set a key size of  512 bits with the -s option. Key size for XTS mode is twice that for other modes for the same security level.
 +
XTS mode requires kernel 2.6.24 or later and plain64 requires kernel 2.6.33 or later. More information can be found in the FAQ.
 +
 +
For volumes >2TiB and kernels >= 2.6.33 use "plain64".
 +
"Plain" uses 64 bit sector numbers, with the upper 32 bit set to zero. This means that on volumes larger than 2TiB, the IV repeats, creating a vulnerability that potentially leaks some data.
 +
To avoid this, use "plain64", which uses the full sector number up to 64 bit. Note that "plain64" requires a kernel >= 2.6.33. Also note that "plain64" is backwards compatible for volume sizes <= 2TiB, but not for those > 2TiB. Finally, "plain64" does not cause any performance penalty compared to "plain".
 +
http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
 +
 +
--key-size, -s <bits>
 +
Sets key size in bits. The argument has to be a multiple of 8. The possible key-sizes are limited by the cipher and mode used.
 +
See /proc/crypto for more information. Note that key-size in /proc/crypto is stated in bytes.
 +
This option can be used for create or luksFormat. All other LUKS actions will use the key-size specified in the LUKS header.  Use cryptsetup --help to show the compiled-in defaults.
 +
 +
--hash, -h <hash-spec>
 +
Specifies the passphrase hash for create and loopaesOpen.
 +
Specifies the hash used in the LUKS key setup scheme and volume key digest for luksFormat.
 +
The specified hash name is passed to the compiled-in crypto backend.  Different backends may support different hashes.  For luksFormat, the hash  algorithm must provide at least 160 bits of output, which excludes, e.g., MD5. Do not use a non-crypto hash like "crc32" as this breaks security.
 +
Values compatible with old version of cryptsetup are "ripemd160" for create and "sha1" for luksFormat.
 +
Use cryptsetup --help to show the defaults.
 +
 +
--iter-time, -i <number of milliseconds>
 +
default:0=1000
 +
The number of milliseconds to spend with PBKDF2 passphrase processing.  This  option  is  only relevant  for  LUKS  operations  that  set  or  change passphrases, such as luksFormat or luksAddKey.
 +
Specifying 0 as parameter selects the compiled-in default.
 +
 +
--use-random
 +
--use-urandom
 +
For luksFormat these options define which kernel random number generator will be used to create the master key (which is a long-term key).
 +
You may want to make sure to use /dev/random (by specifying --use-random on luksFormat) as randomness source for the volume master key to avoid being potentially insecure in an entropy-starved situation.
 +
WARNING: In a low-entropy situation (e.g. in an embedded system), both selections are problematic.  Using /dev/urandom can lead to weak keys.
 +
Using /dev/random can block a long time, potentially forever, if not enough entropy can be harvested by the kernel.
 +
 +
=== Check results ===
 +
# cryptsetup luksDump /dev/<drive>

Revision as of 13:14, 27 September 2012

cryptsetup

luksFormat / luksAddKey Options

# cryptsetup -c aes-xts-plain -s <key size> -h sha512 -i 5000 luksFormat <device> --use-random
available options default example comment
--cipher, -c aes-cbc-essiv:sha256 aes-xts-plain approved by the NSA for protecting "SECRET" and "TOP SECRET" classified US-government information (when used with a key size of 192 or 256 bits)
--key-size, -s 256 512 one of the first patent-free secure ciphers that became publicly available, hence very well established on Linux
--hash, -h sha1 sha512 one of the first patent-free secure ciphers that became publicly available, hence very well established on Linux
--iter-time, -i 1000 5000 one of the first patent-free secure ciphers that became publicly available, hence very well established on Linux
--use-random --use-urandom --use-random one of the first patent-free secure ciphers that became publicly available, hence very well established on Linux
--verify-passphrase, -y for luksFormat and luksAddKey no need to type one of the first patent-free secure ciphers that became publicly available, hence very well established on Linux

Man page content

--cipher, -c <cipher-spec>

Set the cipher specification string. cryptsetup --help shows the compiled-in defaults. The current default in the distributed sources is "aes-cbc-essiv:sha256" for both plain dm-crypt and LUKS. For XTS mode (a possible future default), use "aes-xts-plain" or better "aes-xts-plain64" as cipher specification and optionally set a key size of 512 bits with the -s option. Key size for XTS mode is twice that for other modes for the same security level. XTS mode requires kernel 2.6.24 or later and plain64 requires kernel 2.6.33 or later. More information can be found in the FAQ.

For volumes >2TiB and kernels >= 2.6.33 use "plain64". "Plain" uses 64 bit sector numbers, with the upper 32 bit set to zero. This means that on volumes larger than 2TiB, the IV repeats, creating a vulnerability that potentially leaks some data. To avoid this, use "plain64", which uses the full sector number up to 64 bit. Note that "plain64" requires a kernel >= 2.6.33. Also note that "plain64" is backwards compatible for volume sizes <= 2TiB, but not for those > 2TiB. Finally, "plain64" does not cause any performance penalty compared to "plain". http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions

--key-size, -s <bits>

Sets key size in bits. The argument has to be a multiple of 8. The possible key-sizes are limited by the cipher and mode used. See /proc/crypto for more information. Note that key-size in /proc/crypto is stated in bytes. This option can be used for create or luksFormat. All other LUKS actions will use the key-size specified in the LUKS header. Use cryptsetup --help to show the compiled-in defaults.

--hash, -h <hash-spec>

Specifies the passphrase hash for create and loopaesOpen. Specifies the hash used in the LUKS key setup scheme and volume key digest for luksFormat. The specified hash name is passed to the compiled-in crypto backend. Different backends may support different hashes. For luksFormat, the hash algorithm must provide at least 160 bits of output, which excludes, e.g., MD5. Do not use a non-crypto hash like "crc32" as this breaks security. Values compatible with old version of cryptsetup are "ripemd160" for create and "sha1" for luksFormat. Use cryptsetup --help to show the defaults.

--iter-time, -i <number of milliseconds>

default:0=1000 The number of milliseconds to spend with PBKDF2 passphrase processing. This option is only relevant for LUKS operations that set or change passphrases, such as luksFormat or luksAddKey. Specifying 0 as parameter selects the compiled-in default.

--use-random
--use-urandom

For luksFormat these options define which kernel random number generator will be used to create the master key (which is a long-term key). You may want to make sure to use /dev/random (by specifying --use-random on luksFormat) as randomness source for the volume master key to avoid being potentially insecure in an entropy-starved situation. WARNING: In a low-entropy situation (e.g. in an embedded system), both selections are problematic. Using /dev/urandom can lead to weak keys. Using /dev/random can block a long time, potentially forever, if not enough entropy can be harvested by the kernel.

Check results

# cryptsetup luksDump /dev/<drive>