| 1 |
On Tue, 24 Jun 2008 22:20:20 -0400 |
| 2 |
Chris Walters <cjw2004d@×××××××.net> wrote: |
| 3 |
|
| 4 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 5 |
> Hash: SHA512 |
| 6 |
> |
| 7 |
> Thanks to all who replied to my previous question. This question is |
| 8 |
> related. Has anyone gotten the 'extra-ciphers' (you can get them from |
| 9 |
> the loop-aes site) to compile with the loop-aes kernel patch in |
| 10 |
> place? If so, could you give me a hint on how to do this? |
| 11 |
|
| 12 |
|
| 13 |
Perhaps they appear as kernel modules? I'm just guessing. |
| 14 |
|
| 15 |
|
| 16 |
> Also, someone said that it was possible to encrypt using multiple |
| 17 |
> passphrases using dm-crypt. To be clear are we talking about the |
| 18 |
> same type of multiple passphrases that can be used with AES and |
| 19 |
> Serpent with loop-aes? |
| 20 |
|
| 21 |
Yes, you can have multiple passwords with dm-crypt-luks. |
| 22 |
|
| 23 |
|
| 24 |
> In other words, you set up a number pg |
| 25 |
> passphrases (64 or 65), and the first block uses the first |
| 26 |
> passphrase, the second block uses the second one, etc. The 65th |
| 27 |
> passpharse is added to the hash of the encryption passphrase. |
| 28 |
|
| 29 |
|
| 30 |
Never bothered to go so deep in the internals, but... |
| 31 |
|
| 32 |
I had a busyness laptop with non-sensitive (in my opinion) data, but |
| 33 |
the managers were quite paranoid about that, so I had to encrypt the |
| 34 |
drives to save myself the administrative trouble in case it was stolen. |
| 35 |
I followed the gentoo-wiki how-to [1] and found out that encrypting the |
| 36 |
hdd visibly slowed down the system. |
| 37 |
|
| 38 |
Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2], |
| 39 |
etc) can break those algorithms relatively easy. On the other hand even |
| 40 |
weaker algorithms can protect your data against laptop thieves. |
| 41 |
|
| 42 |
What I'm saying is that it is pointless to get very crazy about strong |
| 43 |
and heavy algorithms. After all if your enemies are not after your |
| 44 |
hardware, but after your data, they could always physically force you |
| 45 |
to reveal the password. |
| 46 |
|
| 47 |
|
| 48 |
> Also (as if that weren't enough), is it possible to encrypt the |
| 49 |
> passphrases or keys in dm-crypt with gnupg, like it is with |
| 50 |
> loop-aes? If so, please give examples. |
| 51 |
> |
| 52 |
|
| 53 |
Yes, you could do something like: |
| 54 |
|
| 55 |
head /dev/urandom | gpg --symmetric -a > key.gpg |
| 56 |
gpg --decrypt key.gpg | cryptsetup luksFormat /dev/some-block-device |
| 57 |
gpg --decrypt key.gpg | cryptsetup luksOpen /dev/some-block-device |
| 58 |
|
| 59 |
|
| 60 |
(The above commands are not correct, their sole purpose is to show the |
| 61 |
idea) |
| 62 |
|
| 63 |
|
| 64 |
[1] System Encryption DM-Crypt with LUKS: http://tinyurl.com/clrk6 |
| 65 |
|
| 66 |
[2] M.A.V.O.: http://tinyurl.com/4badqs ; http://tinyurl.com/4chhph :D |
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
-- |
| 71 |
Best regards, |
| 72 |
Daniel |
| 73 |
-- |
| 74 |
gentoo-user@l.g.o mailing list |
Archives