Anyone know the maximum length of a LUKS passphrase?

The passphrase will be randomly generated, and I can create one with any length.

I am using CentOS 6 with Linux kernel 2.6.32-573.12.1.el6.x86_64, and cryptsetup-luks version 1.2.0-11.el6.x86_64

Crash Override

1 Answer

The built-in help function should display what options/limits were used:

```
cryptsetup --help

...
Default compiled-in key and passphrase parameters:
Maximum keyfile size: 8192kB,
Maximum interactive passphrase length 512 (characters)
Default PBKDF2 iteration time for LUKS: 1000 (ms)
```

Michael Hampton
HBruijn
  • My version of cryptsetup does not include such compiled-in parameters. At the bottom of my `cryptsetup --help`, I only see: `Default compiled-in device cipher parameters: plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160 LUKS1: aes-cbc-essiv:sha256, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/urandom` Is there another way to find out the maximum interactive passphrase length for my version of cryptsetup? – Crash Override Jan 06 '16 at 22:12
  • FYI, I just tried mounting a LUKS volume with the last character of my 512-character key incorrect, and it did mount correctly. That tells me 512 characters is not the default for cryptsetup's interactive key maximum, and probably the case for other people's cryptsetup as well. – Crash Override Jan 07 '16 at 17:40
  • After some testing, it looks like my cryptsetup's interactive key only looks at the first 511 characters, and ignores the 512th and all characters after it. Perhaps I have some special character in my interactive key that interprets as 2 characters, not sure... I do have backslashes, but don't see why that would matter. Anyway, thanks for the response, but it is weird that 512 characters is not my max, but 511 is. – Crash Override Jan 07 '16 at 17:46
  • Probably a case of `2^9` = `512` but binary `111111111` = decimal `511` because computers and mathematicians start counting at 0. See [this Q&A](http://stackoverflow.com/questions/2340639/) on SO about 255 vs 256 which is essentially the same. – HBruijn Jan 07 '16 at 23:20
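
Added example, not part of the original question, answer or comments, and not cryptsetup's code: a Python model of the truncation reported in the comments, showing why a wrong 512th character still unlocks and how long a random passphrase needs to be. It assumes interactive entry uses only the first 511 characters (as observed above); the salt, iteration count and alphabet are constructed.

```python
import hashlib
import math
import secrets
import string

# Assumptions (not taken from cryptsetup's source): the limit observed in the
# comments, plus a constructed salt, iteration count and alphabet.
INTERACTIVE_LIMIT = 511   # characters actually used, per the comments above
KEY_BITS = 256            # "Key: 256 bits" in the --help output
ALPHABET = string.ascii_letters + string.digits   # 62 symbols, constructed
SALT = bytes(32)          # constructed; a real LUKS header stores a random salt
ITERATIONS = 1000         # constructed; real counts are benchmarked per host


def random_passphrase(length):
    """Passphrase drawn uniformly from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length):
    """Entropy of a random passphrase, counting only characters that are used."""
    return min(length, INTERACTIVE_LIMIT) * math.log2(len(ALPHABET))


def min_length_for(bits=KEY_BITS):
    """Shortest random passphrase whose entropy reaches the given key size."""
    return math.ceil(bits / math.log2(len(ALPHABET)))


def derived_key(passphrase):
    """Model of interactive entry: truncate, then PBKDF2-HMAC-SHA1 (LUKS1)."""
    used = passphrase[:INTERACTIVE_LIMIT].encode("ascii")
    return hashlib.pbkdf2_hmac("sha1", used, SALT, ITERATIONS, KEY_BITS // 8)


def flip(passphrase, index):
    """Return a copy with the character at index replaced by a different one."""
    other = "A" if passphrase[index] != "A" else "B"
    return passphrase[:index] + other + passphrase[index + 1:]


if __name__ == "__main__":
    good = random_passphrase(512)
    print("512th char wrong, same key:", derived_key(good) == derived_key(flip(good, 511)))
    print("511th char wrong, same key:", derived_key(good) == derived_key(flip(good, 510)))
    print("chars needed for %d bits: %d" % (KEY_BITS, min_length_for()))
    print("usable entropy at 600 chars: %.0f bits" % entropy_bits(600))
```

With a 62-symbol alphabet, 43 random characters already match the 256-bit key size shown in the `--help` output, so generating passphrases near the interactive limit adds no strength.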