Gentoo Archives: gentoo-user

From: Sebastian Wiesner <basti.wiesner@×××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: Loop-AES versus DM-Crypt versus ???
Date: Fri, 27 Jun 2008 13:08:54
Message-Id: 200806271508.05944.basti.wiesner@gmx.net
In Reply to: [gentoo-user] Re: Loop-AES versus DM-Crypt versus ??? by 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com>
1 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com> at Friday 27 June 2008, 05:41:15
2 > Chris Walters wrote:
3 > > -----BEGIN PGP SIGNED MESSAGE-----
4 > > Hash: SHA512
5 > >
6 > > Sorry if this subject has been hashed and rehashed again, but I was
7 > > wondering
8 > > which Gentoo partition encryption scheme is considered the best, in
9 > > terms of:
10 > >
11 > > 1. Security
12 >
13 > "....Another thing: If I remember correctly, LUKS keeps the actual key
14 > on the encrypted disk, itself encrypted with a passphrase. Naturally
15 > this means that an attacker only has to break the passphrase, which gets
16 > him the key"
17
18 Naturally ... if the user wants to use passphrases, the key needs to be
19 related to the passphrase somehow, whether by it being derived from the
20 passphrase through hashing or it being encrypted with a second key, that is
21 derived from the passphrase.
22
23 But a decent hard disk encrpytion system should be able to store the key
24 file on a USB stick or on a smart card. Beside a increased security,
25 because there is weak passphrase, it provides increased comfort: You don't
26 have to enter a silly passphrase on every boot ;)
27
28 --
29 Freedom is always the freedom of dissenters.
30 (Rosa Luxemburg)

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
[gentoo-user] Re: Loop-AES versus DM-Crypt versus ??? 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com>