-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > As I said in another message, what I read is that the userland tools weren't > supporting dm-crypt propersy. Probably I've read something that was outdated.
An old bug I believe. ATM there is nothing I know of that supports a bug or flaw in any way. > I didn't mean to use gpg to encrypt the whole file system, that would be > insane. I mean that instead of using a password te encript, to use a > generated key, which is stronger and to encrypt that key with a password (and > keep it on a remobable media). > But now that I think of it, I don't need that much security (Am I the only > one > that when reading about security gets paranoid ?). I agree you don't need that much security, but no, you are not the only one paranoid ;-) I do not think howevere that any agency would spend more than 2 days trying to hack your computer without literally trying to force it out of you. If it's more serious than that, then I guess they suspect you of having all the plans /addresses of the taliban on your comp ;-) Then you're on your own, lol. Either way, with plain old AES it's a matter of brute-force, and with dm-crypt the choice is up to you what hashing you use. What I mean with hashing is that your PW is send though a <whatever> hash. The password "passwd" becomes "kæ?&GòÝ3e.!+1´¦G·Áç.??ñÓû" (in plain ASCII through a sha256 bit system used by dm-crypt). Of couse it's more compicated than that, but try getting just that password (the ascii version) with just plain text ;-) ... See you next century. To give you an example: in Holland they can give you a maximum of 3 months jail sentence for something you refuse to co-operate on .. IE: the password to your filesystem. If you think the contents are worth more then 3 months jail sentence keep your mouth shut, else just tell them. They won't crack your system even if you use 265kbit encryption. Take the .. ummm what was it called... something with a cow-logo... it was like [EMAIL PROTECTED], they solved it, using thousands of computers all over the world, and it took quite some time (2 years or so? anyone?). The thing was, it was 56bit encryption ;-) 256bit is a little (actually a LOT) more. > I'd like this: home to be encripted in a way that can be mounted thru fstab > asking the passphrase at mount-time, with the posibility to change the > password easily. I think that can be achieved by using a key and encripting > the key on cryptoloop, or it is simpler on loop-AES, because the passphrase > con be changed easily, right ? What about dm-crypt ? is the passphrase > changeable ? I believe with loop-AES, yes, but not with dm-crypt .. at least not yet. They are working on this, but I don't know how far they are. The thing is, does it need to be changed? This is for home use right? You are your spouce know the password, but how many others? A password of this measure does (IMHO) not need to be changes often at all, unless sent over an uncrypted line often. As I believe I mentioned in my previous post (beer has gotten hold of me) I mough my partitions with a bash script. It just has a list of the commands (with some error-correction) saves as an executable file. Let's call it "secdrive" ... all I say is `secdrive on` and it mounts it, asking for the password, and `secdrive off` umounting it. Pretty much the same way as fstab, except no trace of it there, and what can't be seen there isn't notived even (at least until "they" search your .bash_history files etc). I hope this os actually of some relevance ;-) If you would like more info, I wrote a tutorial on http://axljab.homelinux.org/Encryption_-_dm-crypt , and if you want I can send you my bash script which you can modify to you needs. Greetings Ralph PS: excuse the spelling mistakes. It wasn't my fault ;-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC6obvAWKxH5yWMT8RAo8bAJ0SZdjAZAa4poKxfScSMeNDJCglBgCg4XS9 UEoMt3M9a1dTJD5SEVf4JKw= =PuMm -----END PGP SIGNATURE----- -- [email protected] mailing list
