On Thursday 28 July 2005 02:54, Richard Fish wrote:
> Pupeno wrote:
> >>I use the dm-crypt from the kernel....
> >
> >I've read that it is insecure and I also read that it is not yet very well
> >supported.
>
> Dm-crypt is fairly well supported, since it is in the kernel, but I find
> it to be harder to set up and less 'flexible' than loop-AES (the changing
> passphrase thing, for example).
|
I know it is in the kernel, but I've read that there weren't good userland
tools to work with dm-crypt. Maybe that has changed and Gentoo's userland
tools can work with dm-crypt, what's the status of that?
Regarding loop-AES I've read it needs some heavy patching here and there, I
don't want to do any patching myself because I am likely to lose track of
it.
|
> It provides roughly the equivalent security as loop-AES in "single-key"
> mode (where a single key is used to encrypt every block). loop-AES also
> supports multi-key mode, where 64 different keys are used to encrypt the
> blocks. Multi-key makes certain kinds of attacks (specifically,
> watermark) more difficult, but is slower.
>
> However, I seem to recall reading somewhere in the last couple of weeks
> that dm-crypt was also getting multi-key support...maybe in the
> mm-kernel, or for 2.6.13...
Single key is enough for me.
|
> >I know I don't need a key, but I do want a key (stored in a removable
> > media) encrypted with a passphrase I will be able to change, or best, my
> > wife can have the key protected with a different passphrase than I do.
> >Beyond that, encrypting with a key is much better than doing that with a
> >passphrase because the passphrase can be cracked (dictionary attack) while
> >the key-encrypted that can't.
>
> Well, technically, anything can be cracked given enough time and
> computing power.
Yes, ok. I should have added a 'practically' there somewhere.
|
> For using different passwords, this is possible. You would need to
> encrypt the same key file with gpg to two different .gpg files....your
> wife can use one, and you can use the other. If the key files are
> stored on separate pieces of removable media, then you each have your
> own "keys" to the system.
That's the idea, that scheme plus the best supported method out of the box (or
the net, hehehe). I believe it is cryptoloop, but I am not sure.
|
Thanks.
--
Pupeno <pupeno@××××××.com> (http://pupeno.com)
Reading ? Science Fiction ? http://sfreaders.com.ar
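
The two-passphrase scheme described in the quoted reply above, as an added shell example that is not part of the original message: one random key is encrypted twice with gpg's symmetric mode, once per passphrase, and either copy can be re-wrapped under a new passphrase without touching the disk key. It assumes GnuPG 2.1 or later; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes GnuPG 2.1+.
# All function and file names here are hypothetical.

# Options shared by every gpg call: non-interactive, passphrase read from
# file descriptor 3 so that stdin stays free for the key material.
GPG="gpg --batch --quiet --yes --pinentry-mode loopback --passphrase-fd 3"

# new_master_key: print 32 random bytes as a single base64 line (44 chars).
new_master_key() {
    head -c 32 /dev/urandom | base64
}

# wrap_key PASSPHRASE OUT.gpg: encrypt the key arriving on stdin.
wrap_key() {
    $GPG --symmetric --cipher-algo AES256 --output "$2" 3<<EOF
$1
EOF
}

# unwrap_key PASSPHRASE IN.gpg: write the plaintext key to stdout.
# Returns non-zero when the passphrase is wrong.
unwrap_key() {
    $GPG --decrypt "$2" 3<<EOF
$1
EOF
}

# rewrap_key OLD NEW FILE.gpg: change the passphrase on one person's copy.
# The disk key is unchanged, so the other person's copy keeps working and
# the volume does not have to be re-encrypted.
rewrap_key() {
    # Stop before writing anything if the old passphrase is wrong; otherwise
    # an empty "key" would be wrapped over the only good copy.
    key=$(unwrap_key "$1" "$3") || return 1
    printf '%s\n' "$key" | wrap_key "$2" "$3.new" && mv "$3.new" "$3"
}
```

Piping the output of `unwrap_key` straight into the disk-encryption setup tool keeps the plaintext key off disk.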