I recently created a LUKS partition on which I installed Ubuntu 16.04.3 LTS. I did this via an Ubuntu 16.04.3 LTS live USB.

I am now having doubts as to whether this is secure. When I read the man page for cryptsetup, the "--use-random" and "--use-urandom" section reads the following:

   --use-random

   --use-urandom
          For  luksFormat  these  options  define which kernel random number generator will be
          used to create the master key (which is a long-term key).

          See NOTES ON RANDOM NUMBER GENERATORS for more information. Use cryptsetup --help to
          show the compiled-in default random number generator.

          WARNING:  In  a  low-entropy situation (e.g. in an embedded system), both selections
          are problematic.  Using /dev/urandom can lead to weak keys.  Using  /dev/random  can
          block  a  long  time, potentially forever, if not enough entropy can be harvested by
          the kernel.

I found out what entropy was today and then realised that live distros have low entropy, so I believe this warning applies to me. I can't remember if I included the --use-random flag when creating my LUKS partition, so have no idea which was used (because I think urandom is default), but the warning suggests both options are bad?

FYI the command I used to create my partition was this:

sudo cryptsetup --verbose --cipher aes-xts-plain64:sha512 --key-size 512 --hash sha512 --iter-time 5000 luksFormat /dev/sdaX

(but like I said, I don't remember if I included the --use-random flag to this command)

What are your opinions on these circumstances? Do you think I will have to reinstall, and if so what options should I use?

1 Answer

Live distros have just as much entropy as a normal machine. Why would they have less? They are a normal machine, for all practical purposes; especially if this was a graphical live session, since movement of the mouse is an excellent source of entropy. As to --use-random vs. --use-urandom, they provide the same security but urandom won't block; there is never a good reason to use /dev/random instead of /dev/urandom.

Note that there is rarely a good reason to use anything but the defaults with cryptsetup; by specifying any non-default cipher etc. you are essentially claiming to be a better cryptographer than the people who do this for a living: so unless you actually are a professional cryptographer, or you are using an unusual computer system where the defaults have measurably lower performance than some other cipher or hash, the best practice is to stick with the default options.

  • thanks for the advice (again!). You sound quite knowledgeable with LUKS - do you have an opinion of the command I used? Commented Nov 12, 2017 at 19:21
  • I think it's fine serviceable, but then I'm not a professional cryptographer and I never use anything but the defaults... Anyway, I'm not sure that xts-aes-plain64:sha512 is anything different from xts-aes-plain64 when used with LUKS; and I'm quite certain that there is no variant of AES which uses 512 bit keys. The question is, can you articulate what advantages and disadvantages the non-default cipher, hash and key-size have over the default? Can you back it up with quotations from reputable sources? Commented Nov 12, 2017 at 19:36
  • I heard that xts-aes-plain64 breaks the key in half, so to effectively get 256 bit keys, you need to input 512 Commented Nov 12, 2017 at 19:47
  • @LostCrotchet: You are right, I had forgotten that xts-aes uses two AES keys. Commented Nov 12, 2017 at 21:57
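
The key-size point settled in the comments above can be checked against an existing volume's header. The following is an added example, not code from any of the posts: it parses `cryptsetup luksDump` text and reports how many key bits actually reach the cipher. It assumes the LUKS1 dump layout (fields "Cipher name", "Cipher mode", "Hash spec", "MK bits"); the function names are hypothetical and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: summarise cipher settings from `cryptsetup luksDump` output.
# Assumption: LUKS1 text layout. Function names are hypothetical.
# Real use: sudo cryptsetup luksDump /dev/sdaX | luks_summary

# Constructed sample matching the command in the question
# (digest, salt, UUID and key slots omitted).
SAMPLE_DUMP='LUKS header information for /dev/sdaX

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha512
Payload offset: 4096
MK bits:        512'

# luks_field NAME: print the value of the "NAME: value" line read from stdin.
# Matches on the line prefix so values containing ':' (cbc-essiv:sha256) survive.
luks_field() {
    awk -v key="$1" 'index($0, key ":") == 1 {
        v = substr($0, length(key) + 2); sub(/^[ \t]+/, "", v); print v; exit }'
}

# luks_cipher_key_bits: bits of key material handed to the block cipher.
# XTS splits the master key into two equal halves (data key and tweak key),
# so "MK bits: 512" means AES-256 and "MK bits: 256" means AES-128.
luks_cipher_key_bits() {
    dump=$(cat)
    mode=$(printf '%s\n' "$dump" | luks_field 'Cipher mode')
    bits=$(printf '%s\n' "$dump" | luks_field 'MK bits')
    [ -n "$mode" ] && [ -n "$bits" ] || { echo "not a LUKS1 dump" >&2; return 1; }
    case "$mode" in
        xts-*) echo $((bits / 2)) ;;
        *)     echo "$bits" ;;
    esac
}

# luks_summary: one-line report of cipher, hash and effective cipher key size.
luks_summary() {
    dump=$(cat)
    name=$(printf '%s\n' "$dump" | luks_field 'Cipher name')
    mode=$(printf '%s\n' "$dump" | luks_field 'Cipher mode')
    hash=$(printf '%s\n' "$dump" | luks_field 'Hash spec')
    eff=$(printf '%s\n' "$dump" | luks_cipher_key_bits) || return 1
    echo "$name-$mode hash=$hash cipher-key-bits=$eff"
}
```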
