1 |
7v5w7go9ub0o <7v5w7go9ub0o@×××××.com> at Friday 27 June 2008, 05:41:15 |
2 |
> Chris Walters wrote: |
3 |
> > -----BEGIN PGP SIGNED MESSAGE----- |
4 |
> > Hash: SHA512 |
5 |
> > |
6 |
> > Sorry if this subject has been hashed and rehashed again, but I was |
7 |
> > wondering |
8 |
> > which Gentoo partition encryption scheme is considered the best, in |
9 |
> > terms of: |
10 |
> > |
11 |
> > 1. Security |
12 |
> |
13 |
> "....Another thing: If I remember correctly, LUKS keeps the actual key |
14 |
> on the encrypted disk, itself encrypted with a passphrase. Naturally |
15 |
> this means that an attacker only has to break the passphrase, which gets |
16 |
> him the key" |
17 |
|
18 |
Naturally ... if the user wants to use passphrases, the key needs to be |
19 |
related to the passphrase somehow, whether by it being derived from the |
20 |
passphrase through hashing or it being encrypted with a second key, that is |
21 |
derived from the passphrase. |
22 |
|
23 |
But a decent hard disk encrpytion system should be able to store the key |
24 |
file on a USB stick or on a smart card. Beside a increased security, |
25 |
because there is weak passphrase, it provides increased comfort: You don't |
26 |
have to enter a silly passphrase on every boot ;) |
27 |
|
28 |
-- |
29 |
Freedom is always the freedom of dissenters. |
30 |
(Rosa Luxemburg) |