Thread (23 messages), 4 authors, 2017-08-31

Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption

From: Andreas Dilger <hidden>
Date: 2017-08-18 21:07:05
Also in: linux-fscrypt, linux-fsdevel

On Aug 18, 2017, at 1:47 PM, Eric Biggers [off-list ref] wrote:
+Key hierarchy
+=============
+
+Master Keys
+-----------
+
+Userspace should generate master keys either using a cryptographically
+secure random number generator, e.g. by reading from ``/dev/urandom``
+or calling getrandom(), or by using a KDF (Key Derivation Function).
+Note that whenever a KDF is used to "stretch" a lower-entropy secret
+such as a passphrase, it is critical that a KDF designed for this
+purpose be used, such as scrypt, PBKDF2, or Argon2.
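
Review bot: In the "Master Keys" paragraph, getrandom() is plain text while ``/dev/urandom`` on the line before it is an inline literal; writing it as ``getrandom()`` would keep the markup consistent. The same paragraph tells userspace how to generate a master key but, in the lines shown, does not say how many bytes the key must be, and the KDF sentence names scrypt, PBKDF2 and Argon2 without mentioning a salt or cost parameters. If these are not covered elsewhere in the file, a sentence on each belongs here.
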
One minor suggestion - when generating a master key for a filesystem,
I'd think it is preferable to use /dev/random instead of /dev/urandom
to ensure there is enough entropy.

Cheers, Andreas



