g13 and LUKS ?

Werner Koch wk at gnupg.org
Thu Oct 15 20:11:43 CEST 2009


On Thu, 15 Oct 2009 17:07, tux.tsndcb at free.fr said:

> I've seen that you work on EncFS support with g13, do you think you can also add LUKS support?

The idea is to support a wide range of backends.  I have some doubts
that support for LUKS is the right thing because G13 does exactly the
same as LUKS: A common key management interface for all kinds of crypto
file systems etc.  The advantage of G13 is that, in addition to
symmetric keys, we can also use asymmetric keys all using a matured key
management system like GPG (or GPGSM).

We currently work with EncFS because it seems to be the easiest system
we can deploy.  We also looked at Truecrypt but figured that it will be
a bit harder to support.  For the project G13 will initially be used
with, a fixed sized container is a suboptimal solution.

A drawback of the current implementation of EncFS is that we can't bypass
the key derivation function (KDF) used by EncFS or provide a MAC key.
What we do is to generate 32 random bytes as a key and replace Nul and
LF characters.  That key is then used as the passphrase.  From a
cryptographic point of view the KDF used by EncFS is not necessary if a
random key can be presented.  Actually it is a bit annoying because the
KDF is designed to burn some time to mitigate dictionary attacks.  It is
not a practical problem, though.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
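The key-as-passphrase step described in the message above, as an added example (not code from g13 or from the post): 32 random bytes with NUL and LF removed so the value survives being handed over as a line-terminated string. The post does not say what the unsafe bytes are replaced with; redrawing them is an assumption made here, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEYLEN 32                       /* the post: 32 random bytes */
typedef int (*rng_fn)(unsigned char *buf, size_t n);   /* 0 = success */
/* Production source: the kernel CSPRNG. */
static int urandom_bytes(unsigned char *buf, size_t n) {
    FILE *fp = fopen("/dev/urandom", "rb");
    if (!fp) return -1;
    size_t got = fread(buf, 1, n, fp);
    fclose(fp);
    return got == n ? 0 : -1;
}

/* Constructed, NON-random source (0,1,2,...) used only to make the
   behaviour reproducible in a test. */
static unsigned char counting_state = 0;
static int counting_rng(unsigned char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] = counting_state++;
    return 0;
}

/* NUL would end the C string, LF would end the passphrase line. */
static int is_unsafe(unsigned char c) { return c == 0x00 || c == '\n'; }
/* Fill out[] with KEYLEN passphrase-safe bytes plus a terminating NUL.
   Assumption: unsafe bytes are redrawn, so each byte stays uniform over
   the 254 remaining values (32 * log2(254) ~= 255.6 bits).
   Returns the number of redraws, or -1 if the RNG failed. */
static int make_passphrase_key(rng_fn rng, unsigned char out[KEYLEN + 1]) {
    int redraws = 0;
    if (rng(out, KEYLEN) != 0) return -1;
    for (size_t i = 0; i < KEYLEN; i++)
        while (is_unsafe(out[i])) {
            if (rng(&out[i], 1) != 0) { memset(out, 0, KEYLEN + 1); return -1; }
            redraws++;
        }
    out[KEYLEN] = '\0';
    return redraws;
}

int main(void) {
    unsigned char key[KEYLEN + 1];
    int redraws = make_passphrase_key(urandom_bytes, key);
    if (redraws < 0) { fputs("RNG failure\n", stderr); return 1; }
    printf("usable length: %zu bytes, redraws: %d\n", strlen((char *)key), redraws);
    memset(key, 0, sizeof key);
    return 0;
}
```

Without the filtering step, a NUL at position i would silently shorten the passphrase to i bytes when it is treated as a C string, which is why the check matters even though the entropy cost is under half a bit.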




More information about the Gnupg-devel mailing list