| 1 |
On Thursday 28 July 2005 02:54, Richard Fish wrote: |
| 2 |
> Pupeno wrote: |
| 3 |
> >>I use the dm-crypt from the kernel.... |
| 4 |
> > |
| 5 |
> >I've read that it is unsecure and I also read that it is not yet vory well |
| 6 |
> >suported. |
| 7 |
> |
| 8 |
> Dm-crypt is fairly well supported, since it is in the kernel, but I find |
| 9 |
> it to be harder to setup and less 'flexible' than loop-AES (the changing |
| 10 |
> passphrase thing, for example). |
| 11 |
|
| 12 |
I know it is in the kernes, but I've read that there weren't good userland |
| 13 |
tool to work with dm-crypt. Maybe that has changed and Gentoo's userland |
| 14 |
tools can work with dm-crypt, what's the status of that ? |
| 15 |
Regarding loop-AES I've read it needs some heavy patching here and there, I |
| 16 |
don't want to do any patching myself because I am likely to loose track of |
| 17 |
it. |
| 18 |
|
| 19 |
> It provides rougly the equivalent security as loop-AES in "single-key" |
| 20 |
> mode (where a single key is used to encrypt every block). loop-AES also |
| 21 |
> supports multi-key mode, where 64 different keys are used to encrypt the |
| 22 |
> blocks. Multi-key makes certain kinds of attacks (specifically, |
| 23 |
> watermark) more difficult, but is slower. |
| 24 |
> |
| 25 |
> However, I seem to recall reading somewhere in the last couple of weeks |
| 26 |
> that dm-crypt was also getting multi-key support...maybe in the |
| 27 |
> mm-kernel, or for 2.6.13... |
| 28 |
Single key is enough for me. |
| 29 |
|
| 30 |
> >I know I don't need a key, but I do want a key (stored in a remobable |
| 31 |
> > modia) encripted with a passphrase I will be able to change, or best, my |
| 32 |
> > wife can have the key protected with a different passphrase than I do. |
| 33 |
> >Beyond that, encripting with a key is much better than doing that with a |
| 34 |
> >passphrase because the passphrase can be cracked (dictionary attack) while |
| 35 |
> >the key-encripted that can't. |
| 36 |
> |
| 37 |
> Well, technically, anything can be cracked given enough time and |
| 38 |
> computing power. |
| 39 |
Yes, ok. I should have added a 'practically' there somewhere. |
| 40 |
|
| 41 |
> For using different passwords, this is possible. You would need to |
| 42 |
> encrypt the same key file with gpg to two different .gpg files....your |
| 43 |
> wife can use one, and you can use the other. If the key files are |
| 44 |
> stored on separate pieces of removable media, then you each have your |
| 45 |
> own "keys" to the system. |
| 46 |
That's the idea, that scheme plus the best superted method out fo the box (or |
| 47 |
the net, hehehe). I believe it is cryptoloop, but I am not sure. |
| 48 |
|
| 49 |
Thanks. |
| 50 |
-- |
| 51 |
Pupeno <pupeno@××××××.com> (http://pupeno.com) |
| 52 |
Reading ? Science Fiction ? http://sfreaders.com.ar |
Archives