This section lists the specific components which contribute to the cryptographic strength of gbde.
The payload is encrypted with AES in CBC mode using a 128 bit random single-use key (""theskey""). AES is well documented.
No IV is used in the encryption of the sectors, the assumption being that since the key is random bits and single-use, an IV adds nothing to the security of AES.
The random key is produced with arc4rand(9) which is believed to do a respectable job at producing unpredictable bytes.
The skey is stored on the device in a location which can be derived from the location of the encrypted payload data. The stored copy is encrypted with AES in CBC mode using a 128 bit key (""thekkey"") derived from a subset of the master key chosen by the output of an MD5 hash over a 16 byte random bit static salt and the sector offset. Up to 6.25% of the masterkey (16 bytes out of 2048 bits) will be selected and hashed through MD5 with the sector offset to generate the kkey.
Up to four copies of the master-key and associated geometry information is stored on the device in static randomly chosen sectors. The exact location inside the sector is randomly chosen. The order in which the fields are encoded depends on the key-material. The encoded byte-stream is encrypted with AES in CBC mode using 256 bit key-material.
The key-material is derived from the user-entered pass-phrase using 512 bit SHA2.
No chain is stronger than its weakest link, which usually is poor pass-phrases.