-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> As I said in another message, what I read is that the userland tools weren't
> supporting dm-crypt properly. Probably I've read something that was outdated.

An old bug I believe. ATM there is nothing I know of that supports a bug
or flaw in any way.

> I didn't mean to use gpg to encrypt the whole file system, that would be
> insane. I mean that instead of using a password to encrypt, to use a
> generated key, which is stronger and to encrypt that key with a password (and
> keep it on a removable media).

> But now that I think of it, I don't need that much security (Am I the only one
> that when reading about security gets paranoid ?).

I agree you don't need that much security, but no, you are not the only
one paranoid ;-) I do not think however that any agency would spend
more than 2 days trying to hack your computer without literally trying
to force it out of you. If it's more serious than that, then I guess
they suspect you of having all the plans /addresses of the taliban on
your comp ;-) Then you're on your own, lol. Either way, with plain old
AES it's a matter of brute-force, and with dm-crypt the choice is up to
you what hashing you use. What I mean with hashing is that your PW is
sent through a <whatever> hash. The password "passwd" becomes
"kæ?&GòÝ3e.!+1´¦G·Áç.??ñÓû" (in plain ASCII through a sha256 bit system
used by dm-crypt). Of course it's more complicated than that, but try
getting just that password (the ascii version) with just plain text ;-)
... See you next century.

To give you an example: in Holland they can give you a maximum of 3
months jail sentence for something you refuse to co-operate on .. IE:
the password to your filesystem. If you think the contents are worth
more than 3 months jail sentence keep your mouth shut, else just tell
them. They won't crack your system even if you use 265kbit encryption.
Take the .. ummm what was it called... something with a cow-logo... it
was like seti@home, they solved it, using thousands of computers all
over the world, and it took quite some time (2 years or so? anyone?).
The thing was, it was 56bit encryption ;-) 256bit is a little (actually
a LOT) more.

> I'd like this: home to be encrypted in a way that can be mounted thru fstab
> asking the passphrase at mount-time, with the possibility to change the
> password easily. I think that can be achieved by using a key and encrypting
> the key on cryptoloop, or it is simpler on loop-AES, because the passphrase
> can be changed easily, right ? What about dm-crypt ? is the passphrase
> changeable ?

I believe with loop-AES, yes, but not with dm-crypt .. at least not yet.
They are working on this, but I don't know how far they are. The thing
is, does it need to be changed? This is for home use right? You and your
spouse know the password, but how many others? A password of this
measure does (IMHO) not need to be changed often at all, unless sent
over an unencrypted line often.

As I believe I mentioned in my previous post (beer has gotten hold of
me) I mount my partitions with a bash script. It just has a list of the
commands (with some error-correction) saved as an executable file. Let's
call it "secdrive" ... all I say is `secdrive on` and it mounts it,
asking for the password, and `secdrive off` umounting it. Pretty much
the same way as fstab, except no trace of it there, and what can't be
seen there isn't noticed even (at least until "they" search your
.bash_history files etc).

I hope this is actually of some relevance ;-)

If you would like more info, I wrote a tutorial on
http://axljab.homelinux.org/Encryption_-_dm-crypt , and if you want I
can send you my bash script which you can modify to your needs.

Greetings
Ralph

PS: excuse the spelling mistakes. It wasn't my fault ;-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC6obvAWKxH5yWMT8RAo8bAJ0SZdjAZAa4poKxfScSMeNDJCglBgCg4XS9
UEoMt3M9a1dTJD5SEVf4JKw=
=PuMm
-----END PGP SIGNATURE-----
--
gentoo-user@g.o mailing list
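
A wrapper in the spirit of the `secdrive on` / `secdrive off` script described in the message above, as an added example: this is not Ralph's script. The device path, mapping name, mount point and cipher settings are assumptions, and it uses plain dm-crypt (no header), the mode in which the passphrase cannot be changed.

```shell
#!/bin/sh
# secdrive: open/close a plain dm-crypt mapping and mount it on demand.
# Assumed values (not from the original post): device, mapping name,
# mount point and cipher settings. Adjust before use; needs root.
DEVICE="${SECDRIVE_DEVICE:-/dev/sdX9}"        # placeholder partition
NAME="${SECDRIVE_NAME:-secdrive}"             # appears as /dev/mapper/<NAME>
MOUNTPOINT="${SECDRIVE_MOUNTPOINT:-/mnt/secure}"

secdrive_on() {
    if [ -e "/dev/mapper/$NAME" ]; then
        echo "secdrive: $NAME is already open" >&2
        return 1
    fi
    # Plain mode: the passphrase is hashed (sha256) into the volume key.
    # cryptsetup prompts for the passphrase on the terminal.
    cryptsetup open --type plain --cipher aes-xts-plain64 \
        --key-size 512 --hash sha256 "$DEVICE" "$NAME" || return 1
    # A wrong passphrase still "opens" in plain mode; only the mount
    # fails. Close the mapping again so no stale mapping is left behind.
    if ! mount "/dev/mapper/$NAME" "$MOUNTPOINT"; then
        echo "secdrive: mount failed (wrong passphrase?)" >&2
        cryptsetup close "$NAME"
        return 1
    fi
}

secdrive_off() {
    # Only drop the mapping once the filesystem is really unmounted.
    umount "$MOUNTPOINT" || { echo "secdrive: $MOUNTPOINT busy" >&2; return 1; }
    cryptsetup close "$NAME"
}

secdrive() {
    case "${1:-}" in
        on)  secdrive_on ;;
        off) secdrive_off ;;
        *)   echo "usage: secdrive on|off" >&2; return 2 ;;
    esac
}

# Act only when called as `secdrive on` or `secdrive off`.
case "${1:-}" in on|off) secdrive "$1" ;; esac
```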