| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
Daniel Iliev wrote: |
| 5 |
| On Tue, 24 Jun 2008 22:20:20 -0400 |
| 6 |
| Chris Walters <cjw2004d@×××××××.net> wrote: |
| 7 |
[snip] |
| 8 |
| Perhaps they appear as kernel modules? I'm just guessing. |
| 9 |
|
| 10 |
I think that is how they are supposed to appear, but I can't seem to get them |
| 11 |
to compile, and the instructions are not too helpful. |
| 12 |
|
| 13 |
[snip] |
| 14 |
|
| 15 |
| Yes, you can have multiple passwords with dm-crypt-luks. |
| 16 |
|
| 17 |
That is good. |
| 18 |
[snip |
| 19 |
|
| 20 |
| Never bothered to go so deep in the internals, but... |
| 21 |
| |
| 22 |
| I had a busyness laptop with non-sensitive (in my opinion) data, but |
| 23 |
| the managers were quite paranoid about that, so I had to encrypt the |
| 24 |
| drives to save myself the administrative trouble in case it was stolen. |
| 25 |
| I followed the gentoo-wiki how-to [1] and found out that encrypting the |
| 26 |
| hdd visibly slowed down the system. |
| 27 |
| |
| 28 |
| Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2], |
| 29 |
| etc) can break those algorithms relatively easy. On the other hand even |
| 30 |
| weaker algorithms can protect your data against laptop thieves. |
| 31 |
|
| 32 |
That's more than a rumor. Another three letter agency (NSA) has networks of |
| 33 |
supercomputers that can brute force a passphrase is little time. I am majoring |
| 34 |
in mathematics, and plan to specialize in cryptology. I doubt they'd let me |
| 35 |
publish an algorithm that is very hard to break... It is not that I'm terribly |
| 36 |
paranoid about people getting my data, I just want to make it a little harder. |
| 37 |
Of course, it is always possible to insert code that will send the unencrypted |
| 38 |
data, once you've logged on - not easy for the casual user, but for the guru, |
| 39 |
an easy thing. |
| 40 |
|
| 41 |
| What I'm saying is that it is pointless to get very crazy about strong |
| 42 |
| and heavy algorithms. After all if your enemies are not after your |
| 43 |
| hardware, but after your data, they could always physically force you |
| 44 |
| to reveal the password. |
| 45 |
|
| 46 |
Yes, I suppose that they could do that, using torture or something like that. |
| 47 |
|
| 48 |
[snip] |
| 49 |
| Yes, you could do something like: |
| 50 |
| |
| 51 |
| head /dev/urandom | gpg --symmetric -a > key.gpg |
| 52 |
| gpg --decrypt key.gpg | cryptsetup luksFormat /dev/some-block-device |
| 53 |
| gpg --decrypt key.gpg | cryptsetup luksOpen /dev/some-block-device |
| 54 |
| |
| 55 |
| |
| 56 |
| (The above commands are not correct, their sole purpose is to show the |
| 57 |
| idea) |
| 58 |
|
| 59 |
Thanks for the ideas, and for the links. I will be checking them out. |
| 60 |
|
| 61 |
| [1] System Encryption DM-Crypt with LUKS: http://tinyurl.com/clrk6 |
| 62 |
| |
| 63 |
| [2] M.A.V.O.: http://tinyurl.com/4badqs ; http://tinyurl.com/4chhph :D |
| 64 |
|
| 65 |
Regards, |
| 66 |
Chris |
| 67 |
-----BEGIN PGP SIGNATURE----- |
| 68 |
|
| 69 |
iQIcBAEBCgAGBQJIYmDJAAoJEIAhA8M9p9DA0skQAOOPam7lkhP6q+8XstmaUX5s |
| 70 |
O0zIyEHyIjxi6o2cln60UVXFzac89VvJ4fXYWgA9KcagedGsbWCljp/92Xynyqng |
| 71 |
3lnZUWPZPkr0+M5khbO8EKMfEOlx4klWkbXX7kbyNWiSs1b9uWoJJqcb7fpU0mc8 |
| 72 |
6/Z/4v2EmkTCML1UHdNYaJkeJL7Tr0OxfK0gt9V8xadcZAyJQbF1YpZCqtlBEpdn |
| 73 |
Fom/tSwgpNn8Lxj5KdbFuNimflDDs4MlOfIsPUTm95mxlTw79YvTg2zqKEzmEvFE |
| 74 |
Zu3q9867JbStBLUzWJ/sB1WdTWmULm8q1N4tgGC/si02lTHHkpNoX9Sey2fw/w2x |
| 75 |
CrGBqALNyl3Buh2jMZY4+ALEr+YKnKIZFEybQtKlj971vtrj9s6m6yQM0GUoy41g |
| 76 |
zzjuIBarrr0NYwZI2rGSF/9aSoksD7GD8JIeLlDuJMpRowwsuU50IwR7cBZ2LfpX |
| 77 |
heNoxLdUfCdzeXeKOtyoPJNIvDv1LxwuUvlcxXT9vbU/ufvznCzOXlpKyoOWuL29 |
| 78 |
+aKJVKtzM4wCX+suqJZqva3npyXQMWnk45MjhE7KNvFA8k/OfBZkdxJ9F187iJi1 |
| 79 |
UoVNeenYgwogC4Y5jXKXdPNdaiFfe+byrIAmdWZOFYhPMBKY5OXO/pVcgp6kfAMe |
| 80 |
DJDh7m7neS1/8IPmfmG0 |
| 81 |
=SUZm |
| 82 |
-----END PGP SIGNATURE----- |
| 83 |
-- |
| 84 |
gentoo-user@l.g.o mailing list |
Archives