On Thursday 28 July 2005 02:54, Richard Fish wrote: > Pupeno wrote: > >>I use the dm-crypt from the kernel.... > > > >I've read that it is unsecure and I also read that it is not yet vory well > >suported. > > Dm-crypt is fairly well supported, since it is in the kernel, but I find > it to be harder to setup and less 'flexible' than loop-AES (the changing > passphrase thing, for example).
I know it is in the kernes, but I've read that there weren't good userland tool to work with dm-crypt. Maybe that has changed and Gentoo's userland tools can work with dm-crypt, what's the status of that ? Regarding loop-AES I've read it needs some heavy patching here and there, I don't want to do any patching myself because I am likely to loose track of it. > It provides rougly the equivalent security as loop-AES in "single-key" > mode (where a single key is used to encrypt every block). loop-AES also > supports multi-key mode, where 64 different keys are used to encrypt the > blocks. Multi-key makes certain kinds of attacks (specifically, > watermark) more difficult, but is slower. > > However, I seem to recall reading somewhere in the last couple of weeks > that dm-crypt was also getting multi-key support...maybe in the > mm-kernel, or for 2.6.13... Single key is enough for me. > >I know I don't need a key, but I do want a key (stored in a remobable > > modia) encripted with a passphrase I will be able to change, or best, my > > wife can have the key protected with a different passphrase than I do. > >Beyond that, encripting with a key is much better than doing that with a > >passphrase because the passphrase can be cracked (dictionary attack) while > >the key-encripted that can't. > > Well, technically, anything can be cracked given enough time and > computing power. Yes, ok. I should have added a 'practically' there somewhere. > For using different passwords, this is possible. You would need to > encrypt the same key file with gpg to two different .gpg files....your > wife can use one, and you can use the other. If the key files are > stored on separate pieces of removable media, then you each have your > own "keys" to the system. That's the idea, that scheme plus the best superted method out fo the box (or the net, hehehe). I believe it is cryptoloop, but I am not sure. Thanks. -- Pupeno <[EMAIL PROTECTED]> (http://pupeno.com) Reading ? Science Fiction ? http://sfreaders.com.ar
pgpd6SXZCz4zG.pgp
Description: PGP signature