| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
> As I said in another message, what I read is that the userland tools weren't |
| 5 |
> supporting dm-crypt propersy. Probably I've read something that was outdated. |
| 6 |
|
| 7 |
An old bug I believe. ATM there is nothing I know of that supports a bug |
| 8 |
or flaw in any way. |
| 9 |
|
| 10 |
> I didn't mean to use gpg to encrypt the whole file system, that would be |
| 11 |
> insane. I mean that instead of using a password te encript, to use a |
| 12 |
> generated key, which is stronger and to encrypt that key with a password (and |
| 13 |
> keep it on a remobable media). |
| 14 |
|
| 15 |
> But now that I think of it, I don't need that much security (Am I the only one |
| 16 |
> that when reading about security gets paranoid ?). |
| 17 |
|
| 18 |
I agree you don't need that much security, but no, you are not the only |
| 19 |
one paranoid ;-) I do not think howevere that any agency would spend |
| 20 |
more than 2 days trying to hack your computer without literally trying |
| 21 |
to force it out of you. If it's more serious than that, then I guess |
| 22 |
they suspect you of having all the plans /addresses of the taliban on |
| 23 |
your comp ;-) Then you're on your own, lol. Either way, with plain old |
| 24 |
AES it's a matter of brute-force, and with dm-crypt the choice is up to |
| 25 |
you what hashing you use. What I mean with hashing is that your PW is |
| 26 |
send though a <whatever> hash. The password "passwd" becomes |
| 27 |
"kæ?&GòÝ3e.!+1´¦G·Áç.??ñÓû" (in plain ASCII through a sha256 bit system |
| 28 |
used by dm-crypt). Of couse it's more compicated than that, but try |
| 29 |
getting just that password (the ascii version) with just plain text ;-) |
| 30 |
... See you next century. |
| 31 |
|
| 32 |
To give you an example: in Holland they can give you a maximum of 3 |
| 33 |
months jail sentence for something you refuse to co-operate on .. IE: |
| 34 |
the password to your filesystem. If you think the contents are worth |
| 35 |
more then 3 months jail sentence keep your mouth shut, else just tell |
| 36 |
them. They won't crack your system even if you use 265kbit encryption. |
| 37 |
Take the .. ummm what was it called... something with a cow-logo... it |
| 38 |
was like seti@home, they solved it, using thousands of computers all |
| 39 |
over the world, and it took quite some time (2 years or so? anyone?). |
| 40 |
The thing was, it was 56bit encryption ;-) 256bit is a little (actually |
| 41 |
a LOT) more. |
| 42 |
|
| 43 |
> I'd like this: home to be encripted in a way that can be mounted thru fstab |
| 44 |
> asking the passphrase at mount-time, with the posibility to change the |
| 45 |
> password easily. I think that can be achieved by using a key and encripting |
| 46 |
> the key on cryptoloop, or it is simpler on loop-AES, because the passphrase |
| 47 |
> con be changed easily, right ? What about dm-crypt ? is the passphrase |
| 48 |
> changeable ? |
| 49 |
|
| 50 |
I believe with loop-AES, yes, but not with dm-crypt .. at least not yet. |
| 51 |
They are working on this, but I don't know how far they are. The thing |
| 52 |
is, does it need to be changed? This is for home use right? You are your |
| 53 |
spouce know the password, but how many others? A password of this |
| 54 |
measure does (IMHO) not need to be changes often at all, unless sent |
| 55 |
over an uncrypted line often. |
| 56 |
|
| 57 |
As I believe I mentioned in my previous post (beer has gotten hold of |
| 58 |
me) I mough my partitions with a bash script. It just has a list of the |
| 59 |
commands (with some error-correction) saves as an executable file. Let's |
| 60 |
call it "secdrive" ... all I say is `secdrive on` and it mounts it, |
| 61 |
asking for the password, and `secdrive off` umounting it. Pretty much |
| 62 |
the same way as fstab, except no trace of it there, and what can't be |
| 63 |
seen there isn't notived even (at least until "they" search your |
| 64 |
.bash_history files etc). |
| 65 |
|
| 66 |
I hope this os actually of some relevance ;-) |
| 67 |
|
| 68 |
If you would like more info, I wrote a tutorial on |
| 69 |
http://axljab.homelinux.org/Encryption_-_dm-crypt , and if you want I |
| 70 |
can send you my bash script which you can modify to you needs. |
| 71 |
|
| 72 |
Greetings |
| 73 |
Ralph |
| 74 |
|
| 75 |
PS: excuse the spelling mistakes. It wasn't my fault ;-) |
| 76 |
-----BEGIN PGP SIGNATURE----- |
| 77 |
Version: GnuPG v1.4.1 (GNU/Linux) |
| 78 |
|
| 79 |
iD8DBQFC6obvAWKxH5yWMT8RAo8bAJ0SZdjAZAa4poKxfScSMeNDJCglBgCg4XS9 |
| 80 |
UEoMt3M9a1dTJD5SEVf4JKw= |
| 81 |
=PuMm |
| 82 |
-----END PGP SIGNATURE----- |
| 83 |
-- |
| 84 |
gentoo-user@g.o mailing list |
Archives