1 |
On Tue, 24 Jun 2008 22:20:20 -0400 |
2 |
Chris Walters <cjw2004d@×××××××.net> wrote: |
3 |
|
4 |
> -----BEGIN PGP SIGNED MESSAGE----- |
5 |
> Hash: SHA512 |
6 |
> |
7 |
> Thanks to all who replied to my previous question. This question is |
8 |
> related. Has anyone gotten the 'extra-ciphers' (you can get them from |
9 |
> the loop-aes site) to compile with the loop-aes kernel patch in |
10 |
> place? If so, could you give me a hint on how to do this? |
11 |
|
12 |
|
13 |
Perhaps they appear as kernel modules? I'm just guessing. |
14 |
|
15 |
|
16 |
> Also, someone said that it was possible to encrypt using multiple |
17 |
> passphrases using dm-crypt. To be clear are we talking about the |
18 |
> same type of multiple passphrases that can be used with AES and |
19 |
> Serpent with loop-aes? |
20 |
|
21 |
Yes, you can have multiple passwords with dm-crypt-luks. |
22 |
|
23 |
|
24 |
> In other words, you set up a number pg |
25 |
> passphrases (64 or 65), and the first block uses the first |
26 |
> passphrase, the second block uses the second one, etc. The 65th |
27 |
> passpharse is added to the hash of the encryption passphrase. |
28 |
|
29 |
|
30 |
Never bothered to go so deep in the internals, but... |
31 |
|
32 |
I had a busyness laptop with non-sensitive (in my opinion) data, but |
33 |
the managers were quite paranoid about that, so I had to encrypt the |
34 |
drives to save myself the administrative trouble in case it was stolen. |
35 |
I followed the gentoo-wiki how-to [1] and found out that encrypting the |
36 |
hdd visibly slowed down the system. |
37 |
|
38 |
Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2], |
39 |
etc) can break those algorithms relatively easy. On the other hand even |
40 |
weaker algorithms can protect your data against laptop thieves. |
41 |
|
42 |
What I'm saying is that it is pointless to get very crazy about strong |
43 |
and heavy algorithms. After all if your enemies are not after your |
44 |
hardware, but after your data, they could always physically force you |
45 |
to reveal the password. |
46 |
|
47 |
|
48 |
> Also (as if that weren't enough), is it possible to encrypt the |
49 |
> passphrases or keys in dm-crypt with gnupg, like it is with |
50 |
> loop-aes? If so, please give examples. |
51 |
> |
52 |
|
53 |
Yes, you could do something like: |
54 |
|
55 |
head /dev/urandom | gpg --symmetric -a > key.gpg |
56 |
gpg --decrypt key.gpg | cryptsetup luksFormat /dev/some-block-device |
57 |
gpg --decrypt key.gpg | cryptsetup luksOpen /dev/some-block-device |
58 |
|
59 |
|
60 |
(The above commands are not correct, their sole purpose is to show the |
61 |
idea) |
62 |
|
63 |
|
64 |
[1] System Encryption DM-Crypt with LUKS: http://tinyurl.com/clrk6 |
65 |
|
66 |
[2] M.A.V.O.: http://tinyurl.com/4badqs ; http://tinyurl.com/4chhph :D |
67 |
|
68 |
|
69 |
|
70 |
-- |
71 |
Best regards, |
72 |
Daniel |
73 |
-- |
74 |
gentoo-user@l.g.o mailing list |