You are not logged in.
I'd like to use ecryptfs-migrate-home (eCryptfs) to encrypt my home directory, but don't like the fact that key length is only 16 bytes (128 bits).
I was wondering if it is safe to change the KEYBYTES value in /usr/bin/ecryptfs-setup-private before running ecryptfs-migrate-home, or is there a better way?
Edit: apparently 16 is (was?) also hardcoded in the code of the setuid mount helper according to http://askubuntu.com/questions/94298/wh … ectory-use
Edit 2: back in 2009 Bruce Schneier wrote "the key schedule for AES-256 is very poor. I would recommend that people use AES-128 and not AES-256". That was ecryptfs-setup-private author's reason for hardcoding those values.
Last edited by halogen (2016-08-15 11:40:21)
Offline