strlcat / tfcrypt Goto Github PK

I have been using this command for generating keyfiles to use with tfcrypt:

sudo cat /dev/hwrng | sksum -D 1024 -n 1000000 -W -l 1024 > ./keyfile

My questions are: Is /dev/hwrng safe for getting random bytes to transform in a key with sksum?

Is this /dev/hwrng the hardware RNG which uses the processor RNG directly?

/dev/hwrng appeared when I installed rng-tools package from the Debian repository, it seems my processor (AMD Ryzen 5 1400) has a built in TRNG.

In cryptsetup (currently 2.4.3) there is an interesting option:

       --keyfile-offset value
              Skip value bytes at the beginning of the key file.  Works with all commands that accept key files.

When used, the program skip X bytes defined by user when reading the key file.

It would be interesting for luring an adversary a little bit when trying to find a valid key for decryption.

I use tfcrypt for generating large keys (up to 1024-bits).

Linux is using Chacha20 CSPRNG in /dev/urandom since version 4.8+:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=818e607b57c94ade9824dad63a96c2ea6b21baf3
http://lkml.iu.edu/hypermail/linux/kernel/1607.3/00275.html
https://lwn.net/Articles/686033/

Chacha20 has a key space of 2^256 and a stream position counter of 2^64.

Does it make tfcrypt weaker when using this new /dev/urandom?

If an adversary could brute-force the entire Chacha20 key space and sweep across all 2^64 positions of its counter, he could guess the key much more easier instead of brute-forcing the entire Threefish key space excepting the tweak (it doesn't add bits of security because once knowing the correct key, calculating a tweak is easy).

I have some questions about Threefish used with OCB mode.

What is its block size? 4096-bytes (128*32) as TF-XTS?

And about its security, does it provide quadratic security? I mean, will it double the bits of security of the encipherment? As I can see a 128-bit chunk is added to the beginning of encrypted file when encrypting with "-c rand" option. If I keep the Threefish key and this data chunk secret, will the security of encryption be increased?

And for counter, what is its size? How many different block can this OCB implementation can encrypt?

And, are this OCB implementation the OCB3? OCB1 and 2 have security issues: https://en.wikipedia.org/wiki/OCB_mode#Attacks

I compiled my tfcrypt with full key option enabled in "tfcrypt_defs.h", I wanna know if the "-R" option uses full key (160 byte chunk) when seeded with a random source.

Hi,
how can I use tfcrypt with ffmpeg in command line / real time?
possible?

thanks

This option is relevant for who uses long passwords.