Daniel Iliev wrote:
| On Tue, 24 Jun 2008 22:20:20 -0400
| Chris Walters <cjw2004d@×××××××.net> wrote:
[snip]
| Perhaps they appear as kernel modules? I'm just guessing.

I think that is how they are supposed to appear, but I can't seem to get them
to compile, and the instructions are not too helpful.

[snip]

| Yes, you can have multiple passwords with dm-crypt-luks.

That is good.
[snip]

| Never bothered to go so deep in the internals, but...
|
| I had a business laptop with non-sensitive (in my opinion) data, but
| the managers were quite paranoid about that, so I had to encrypt the
| drives to save myself the administrative trouble in case it was stolen.
| I followed the gentoo-wiki how-to [1] and found out that encrypting the
| hdd visibly slowed down the system.
|
| Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2],
| etc) can break those algorithms relatively easily. On the other hand even
| weaker algorithms can protect your data against laptop thieves.

That's more than a rumor. Another three letter agency (NSA) has networks of
supercomputers that can brute force a passphrase in little time. I am majoring
in mathematics, and plan to specialize in cryptology. I doubt they'd let me
publish an algorithm that is very hard to break... It is not that I'm terribly
paranoid about people getting my data, I just want to make it a little harder.
Of course, it is always possible to insert code that will send the unencrypted
data, once you've logged on - not easy for the casual user, but for the guru,
an easy thing.

| What I'm saying is that it is pointless to get very crazy about strong
| and heavy algorithms. After all if your enemies are not after your
| hardware, but after your data, they could always physically force you
| to reveal the password.

Yes, I suppose that they could do that, using torture or something like that.

[snip]
| Yes, you could do something like:
|
| head /dev/urandom | gpg --symmetric -a > key.gpg
| gpg --decrypt key.gpg | cryptsetup luksFormat /dev/some-block-device
| gpg --decrypt key.gpg | cryptsetup luksOpen /dev/some-block-device
|
|
| (The above commands are not correct, their sole purpose is to show the
| idea)

Thanks for the ideas, and for the links. I will be checking them out.

| [1] System Encryption DM-Crypt with LUKS: http://tinyurl.com/clrk6
|
| [2] M.A.V.O.: http://tinyurl.com/4badqs ; http://tinyurl.com/4chhph :D

Regards,
Chris
--
gentoo-user@l.g.o mailing list
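
A working form of the idea in the quoted commands (a random key kept only in GPG-encrypted form and piped into cryptsetup), added here as an example and not part of the original message. The function names, the GPG_OPTS variable, the 64-byte key length and the AES256 cipher choice are assumptions; `luks_format_with` destroys existing data on the device it is given.

```shell
#!/bin/sh
# Added example (not from the original thread): a random LUKS key that is
# stored only GPG-encrypted and handed to cryptsetup through a pipe.
# Assumed names: the functions below, GPG_OPTS, and the 64-byte key size.

# Optional extra gpg options (assumption), split on whitespace when used.
: "${GPG_OPTS:=}"

# Create 64 random bytes and store them symmetrically encrypted in file $1.
# gpg prompts for the passphrase; the plaintext key is never written to disk.
make_wrapped_key() {
    ( umask 077
      head -c 64 /dev/urandom |
          gpg $GPG_OPTS --symmetric --armor --cipher-algo AES256 --output "$1" )
}

# Decrypt the wrapped key in file $1 to stdout. The output is binary:
# pipe it onwards, do not capture it in a shell variable.
unwrap_key() {
    gpg $GPG_OPTS --quiet --decrypt "$1"
}

# Initialise a LUKS container on device $2 with the key wrapped in file $1.
# --key-file=- makes cryptsetup read all of stdin as the key (no newline
# stripping); --batch-mode suppresses the interactive confirmation prompt.
luks_format_with() {
    unwrap_key "$1" | cryptsetup --batch-mode --key-file=- luksFormat "$2"
}

# Open device $2 as /dev/mapper/$3 using the same wrapped key.
luks_open_with() {
    unwrap_key "$1" | cryptsetup --key-file=- luksOpen "$2" "$3"
}

# Typical use, as root (device and mapping name are placeholders):
#   make_wrapped_key key.gpg
#   luks_format_with key.gpg /dev/some-block-device
#   luks_open_with   key.gpg /dev/some-block-device cryptdata
```

The volume can then only be opened by someone who holds both `key.gpg` and its GPG passphrase, so the wrapped key file needs its own backup.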