make documentation less opinionated about the u/random issue - tomb - the crypto undertaker
git clone git://parazyd.org/tomb.git
---
commit 6c2077fee1b3a2257a1da3560f185630405d5f4b
parent ba9c0481cca9f4db9baee0fe45473f6b3a1a1c71
Author: Jaromil <jaromil@dyne.org>
Date:   Wed, 22 Mar 2017 16:39:25 +0100

make documentation less opinionated about the u/random issue

fix #253

Diffstat:
  M doc/tomb.1 | 38 +++++++++++++++++--------------

1 file changed, 21 insertions(+), 17 deletions(-)
---
diff --git a/doc/tomb.1 b/doc/tomb.1
@@ -30,25 +30,27 @@ harddisk and its key file on a USB stick.
 .IP "dig"
 Generates a file that can be used as a tomb and will occupy as much
 space as its desired initial size, the unlocked \fI.tomb\fR file can
-then be locked using a \fIkey\fR. It takes a mandatory \fI-s\fR option which is
-the size in megabytes (MiB). Tombs are digged using
-low-quality random data (/dev/urandom).
+then be locked using a \fIkey\fR. It takes a mandatory \fI-s\fR option
+which is the size in megabytes (MiB). Tombs are digged using random
+data gathered from a non-blocking source (/dev/urandom).
 
 .B
 .IP "forge"
 Creates a new \fIkey\fR and prompts the user for a \fIpassword\fR to
-protect its usage using symmetric encryption. This operation requires
-high quality random data using /dev/random and can take long when run
-on a server with low entropy. The \fI-g\fR option switches on the use
-of a GPG key instead of a password (asymmetric encryption), then the
-\fI-r\fR option indicates the recipient key; more recipient GPG ids
-can be indicated (comma separated) if the option is followed by the
-\fI--shared\fR flag. The default cipher to protect the key is AES256,
-a custom one can be specified using the \fI-o\fR option, for a list of
-supported ciphers use \fI-v\fR. For additional protection against
-dictionary attacks on keys, the \fI--kdf\fR option can be used when
-forging a key, making sure that the \fItomb-kdb-pbkdf2\fR binaries in
-\fIextras/kdf\fR were compiled and installed on the system.
+protect its usage using symmetric encryption. This operation uses
+random data from a blocking source (/dev/random) and it may take long
+when run on a server with low entropy; to switch using a non-blocking
+source the \fI--use-urandom\fR flag can be used. The \fI-g\fR option
+switches on the use of a GPG key instead of a password (asymmetric
+encryption), then the \fI-r\fR option indicates the recipient key;
+more recipient GPG ids can be indicated (comma separated) if the
+option is followed by the \fI--shared\fR flag. The default cipher to
+protect the key is AES256, a custom one can be specified using the
+\fI-o\fR option, for a list of supported ciphers use \fI-v\fR. For
+additional protection against dictionary attacks on keys, the
+\fI--kdf\fR option can be used when forging a key, making sure that
+the \fItomb-kdb-pbkdf2\fR binaries in \fIextras/kdf\fR were compiled
+and installed on the system.
 
 .B
 .IP "lock"
@@ -259,8 +261,10 @@ commandline options. This is mostly used needed for execution by
 wrappers and testing suite.
 .B
 .IP "--use-urandom"
-Use an inferior quality random source to improve the speed of key
-generation at the cost of security (needed for the testing suite).
+Use a non-blocking random source to improve the speed of the
+\fIforge\fR command (key generation): tomb uses /dev/urandom instead
+of /dev/random. According to some people using the non-blocking source
+of Linux kernel doesn't degrades the quality of random.
 .B
 .IP "--tomb-pwd "
 Use string as password when needed on tomb.
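Review bot: In the first hunk, the new forge sentence "to switch using a non-blocking source the \fI--use-urandom\fR flag can be used" is ungrammatical; suggest "to switch to a non-blocking source, use the \fI--use-urandom\fR flag". The same paragraph is the natural place to say when that trade-off is safe: on Linux /dev/urandom reads from the same kernel CSPRNG as /dev/random and differs only in never blocking, so the case that matters is a system whose pool has not yet been seeded (early boot, or a freshly provisioned VM with no hardware RNG), and one clause saying so lets a user decide without jumping to the option list. Pre-existing and minor: "digged" in the dig paragraph should be "dug".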
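Review bot: In the second hunk, "According to some people using the non-blocking source of Linux kernel doesn't degrades the quality of random." is both ungrammatical and too vague for a man page, since a reader cannot act on "some people"; state the concrete fact and its caveat instead, e.g. "On Linux both devices draw from the same kernel CSPRNG; /dev/urandom only skips the blocking, which matters only before the pool has been seeded (early boot on systems without a hardware RNG)." The removed text also recorded that the flag is needed for the testing suite; if the suite still depends on it, keep that sentence so the flag is not dropped later as cosmetic. The context line "This is mostly used needed for execution by" carries a pre-existing "used needed" typo that could be fixed while this section is being touched.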