Default system encryption key size is XTS 256 bits and not 512 bits

Hello,

Is there a way to install OpenSUSE 13.2 with system encryption using the more recent 512 key size for AES xts-plain-64?

After installing OpenSUSE 13.2 with Yast or the default installer, cryptsetup luksDump on /dev/sda2 says the key is 256 bits (effectively this is 128 bits for XTS mode).

Other distributions, notably Fedora 21, CentOS 7 and Ubuntu 14, are using 512 bits for XTS for system encryption (effectively 256 bits), which I verified on other systems with the same method.

Now it is true that cryptsetup itself defaults to 256 bits for XTS for LUKS when creating new volumes, but 512 is being adopted for system encryption. I’d prefer that and it makes me worry OpenSUSE might not be keeping up to date on security settings, or it has its own policy. I don’t know and couldn’t find any information.

Thanks

On 2015-03-23 00:06, Cardboard wrote:
>
> Hello,
>
> Is there a way to install OpenSUSE 13.2 with system encryption using the
> more recent 512 key size for AES xts-plain-64?

Do it manually, without YaST.

Otherwise, open a bugzilla against YaST so that they open options for
encryption in the partitioner, or at least increase the key size. And
then wait till version 13.3 or later.

> keeping up to date on security settings, or it has its own policy. I
> don’t know and couldn’t find any information.

I’d ask on the security mail list.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

You can use “cryptsetup” to encrypt the partition. Then, for install, click the “Create Partitioning” option followed by the “Custom partitioning” option. Then you can use existing partitions.

Thank you, I’ll look into it.

misc: I also checked Debian Jessie RC1 installer and it’s also defaulting with 512 bit key (it’s listed as 256 but multiplies by 2 automatically, it’s also the only installer I could find that lets you configure it in the GUI).

Actually, this choice is put in the distro developers’ hands. You can, however, change the KEY size to 512 on install (thus making it effective 256 bit because of XTS splitting). I’ll post instructions on how to do this if you want, but it’s probably going to be very hard to do so, especially if you want to change from AES to Twofish or Serpent (smart choice to do so).

Can you post the results of “cryptsetup status your_encrypted_partition”?

Sure, the cryptsetup status (~= luksDump) output for system-encrypted OpenSUSE 13.2 is:


  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 256 bits
  device:  /dev/sda2
  offset:  4096 sectors

For comparison, the Debian Jessie default system encryption gives:


  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 512 bits
  device:  /dev/sda5
  offset:  4096 sectors

Thanks for the offer for instructions, but it’s now become less urgent so don’t bother if it’s trouble. I sent to the mailing list.
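Added example (not part of the thread and not from any poster): a small shell check that reads `cryptsetup status` or LUKS1 `cryptsetup luksDump` output and reports the effective AES key strength, halving the key size for XTS as described above. The function names are hypothetical; the two sample inputs are the status outputs quoted in the post above.

```shell
#!/bin/sh
# Sample inputs: the two `cryptsetup status` outputs quoted in the thread.
opensuse_status() {
    cat <<'EOF'
  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 256 bits
  device:  /dev/sda2
  offset:  4096 sectors
EOF
}
debian_status() {
    cat <<'EOF'
  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 512 bits
  device:  /dev/sda5
  offset:  4096 sectors
EOF
}

# Reads status or LUKS1 luksDump text on stdin and prints
# "<cipher> <key bits> <effective bits>". XTS splits the key into two
# halves, so only half of the bits key the cipher itself.
xts_effective_bits() {
    awk '
        $1 == "cipher:"                 { cipher = $2 }  # cryptsetup status
        $1 == "keysize:"                { bits = $2 }
        $1 == "Cipher" && $2 == "name:" { name = $3 }    # LUKS1 luksDump
        $1 == "Cipher" && $2 == "mode:" { mode = $3 }
        $1 == "MK" && $2 == "bits:"     { bits = $3 }
        END {
            if (cipher == "" && name != "") cipher = name "-" mode
            if (cipher == "" || bits == "") exit 2       # nothing recognised
            eff = (cipher ~ /-xts-/) ? bits / 2 : bits
            print cipher, bits, eff
        }'
}

# Succeeds only if the effective strength is at least $1 bits.
meets_minimum() {
    min=$1
    result=$(xts_effective_bits) || return 2
    eff=${result##* }
    [ "$eff" -ge "$min" ]
}

opensuse_status | xts_effective_bits
debian_status | xts_effective_bits
```

On a live system the input would come from `cryptsetup status <mapping name>` run as root. When creating a volume by hand, `cryptsetup luksFormat` takes `--cipher aes-xts-plain64 --key-size 512` to get the larger key.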

I couldn’t change the KEY size nor the encryption algorithm. I did everything correctly, but still at the end the system doesn’t recognize my encrypted partition. I even stopped the installation at the end (when it wants to reboot) and logged into a tty so I could edit /etc/crypttab, but all efforts are useless.

Since I have clinical paranoia, I’m stuck with Debian for the moment :(

Anyway, I wouldn’t go with AES 256 anyway. Twofish 256 is just way superior.

http://security.stackexchange.com/questions/14068/why-most-people-use-256-bit-encryption-instead-of-128-bit

Thanks for trying

The mailing list said the low key size was not intentional, so I’ve filed a bug.

I didn’t file one for installer features because none of the other distros have them either (except Debian, and it’s not extremely intuitive) and personally I’m ok with a sane default. Feel free to make one…

After a lot of reading I came to the conclusion that 128 bit Key is, well, more recommended than 256, and it’s obviously faster. And since I can’t use Bruce’s Twofish on openSUSE, I might as well trust his opinion on AES, right?

http://paste.opensuse.org/images/19880085.png

Here’s the link: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

I know it’s not unanimous, but that attack is from 2009-2010. I take 512 bits (256) making it into latest RHEL/CentOS as not agreeing or the de facto standard. Truecrypt also stayed with aes-256 until the end. But it is true cryptsetup itself defaults to 256 (128).

For ciphers, in the past I used Truecrypt Serpent-AES on volumes just so I wouldn’t have to worry, but it was excessive. The one practical advantage to AES, it’s hardware-accelerated in newer processors and devices. It makes a very large difference now, see screenshot I saved some time ago: http://imgur.com/jBeACrg

FYI, they cancelled the bug I reported which requested solely a switch of the default key size. Their answer was:

So there are already at least four feature requests in this area - some
for several years. As long as product management sees other features as
more important the YaST team does not have the time to work on the issue.

So thanks for your answers but I’ll move to another distribution.