On Friday 29 July 2005 04:13, Ralph Slooten wrote:
> Pupeno wrote:
> >>I use the dm-crypt from the kernel....
> >
> > I've read that it is unsecure and I also read that it is not yet very
> > well supported.
>
> You read wrong. Dm-crypt *is* the encryption technique now used in the
> kernel, and it wasn't chosen out of a hat. What you do with it can make
> it insecure though, like a postit with the password attached to the
> monitor ;-)
>
> As for being supported, well if something is actually in the kernel
> itself (without patches), then it IS fully supported. Dm-crypt is fully
> supported since linux 2.6.4

As I said in another message, what I read is that the userland tools weren't
supporting dm-crypt properly. Probably I've read something that was outdated.

> Basically, as with any encryption, your secret is as safe as your
> password. There are of course tools to help you make your password even
> harder to crack, like hashalot, which basically sends your password
> through a pipe which hashes it into "greek" ;-)
>
> > I know I don't need a key, but I do want a key (stored in a removable
> > media) encrypted with a passphrase I will be able to change, or best, my
> > wife can have the key protected with a different passphrase than I do.
> > Beyond that, encrypting with a key is much better than doing that with a
> > passphrase because the passphrase can be cracked (dictionary attack)
> > while the key-encrypted that can't.
>
> It seems what you are looking for with your "key" is probably a GPG key
> needed to unlock your drive. This is definitely possible, but you will
> have to do the research yourself. I do know there are tutorials to use
> gpg keys with encryption passwords etc... and iirc there was a tutorial
> for loop-AES too on their site. If you need this is another story. I
> know that gpg can have two separate keys to do the same thing, so I
> presume separate keys and passwords are an option, but I have never
> ventured down that lane, as I'm not that paranoid. I use gpg myself for
> mailing, and encrypting certain files themselves, but I'm not paranoid
> enough to encrypt all my files with such heavy encryption. In fact, not
> even the US military is that bad. They now use 256bit AES encryption,
> which is the default of dm-crypt, and from an article I read it still
> would take them a couple of decades to crack.

I didn't mean to use gpg to encrypt the whole file system, that would be
insane. I mean that instead of using a password to encrypt, to use a
generated key, which is stronger and to encrypt that key with a password (and
keep it on a removable media).
But now that I think of it, I don't need that much security (Am I the only one
that when reading about security gets paranoid ?).
I'd like this: home to be encrypted in a way that can be mounted thru fstab
asking the passphrase at mount-time, with the possibility to change the
password easily. I think that can be achieved by using a key and encrypting
the key on cryptoloop, or it is simpler on loop-AES, because the passphrase
can be changed easily, right ? What about dm-crypt ? is the passphrase
changeable ?

Thanks.
--
Pupeno <pupeno@××××××.com> (http://pupeno.com)
Reading ? Science Fiction ? http://sfreaders.com.ar
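
The scheme asked about in the message above (a random key that encrypts the data, itself stored encrypted under a passphrase that can be changed, with a second passphrase for another person), as an added sketch that is not part of the original post and is not the on-disk format of dm-crypt, cryptoloop or loop-AES. The slot layout, the function names and the wrapping method (XOR with a PBKDF2-derived pad plus an HMAC tag, chosen so it runs on the Python standard library alone) are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor; slows dictionary attacks on a slot

def _derive(passphrase, salt):
    """Stretch a passphrase into a 32-byte wrapping pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def add_slot(volume_key, passphrase):
    """Wrap the 32-byte volume key under one passphrase; returns a storable slot."""
    assert len(volume_key) == 32
    salt = secrets.token_bytes(16)  # fresh salt, so the pad is never reused
    pad, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def open_slot(slot, passphrase):
    """Return the volume key, or None if the passphrase does not fit this slot."""
    pad, mac_key = _derive(passphrase, slot["salt"])
    expected = hmac.new(mac_key, slot["salt"] + slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["wrapped"], pad))

def change_passphrase(slot, old, new):
    """Re-wrap the same volume key; the encrypted data is never touched."""
    volume_key = open_slot(slot, old)
    if volume_key is None:
        raise ValueError("wrong passphrase")
    return add_slot(volume_key, new)

def demo():
    # Constructed sample values: a random 256-bit volume key and two passphrases.
    volume_key = secrets.token_bytes(32)
    slots = {"first": add_slot(volume_key, "constructed passphrase one"),
             "second": add_slot(volume_key, "constructed passphrase two")}
    slots["first"] = change_passphrase(slots["first"],
                                       "constructed passphrase one", "a new one")
    return volume_key, slots

if __name__ == "__main__":
    key, slots = demo()
    print(open_slot(slots["second"], "constructed passphrase two") == key)
```

A copy of a slot made before the passphrase change still opens with the old passphrase, so if the old passphrase and the key file were both exposed, the volume key itself has to be replaced and the data re-encrypted.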