On Tuesday, 19 September 2023 12:13:40 BST Dale wrote: > Hmmmm, > > For some reason, I didn't get Michael's email. I see him being quoted > but don't have his original. I wonder what is up with that. O-o
Assuming you will receive this message, have a look here: https://marc.info/?l=gentoo-user&m=169511184714476&w=2 > Rich Freeman wrote: > > On Tue, Sep 19, 2023 at 4:26 AM Michael <confabul...@kintzios.com> wrote: > >> On Tuesday, 19 September 2023 06:36:13 BST Dale wrote: > >>> Howdy, > >> > >> A strong > >> password, like a strong door lock, buys you time. Hence the general > >> recommendation to change your passwords frequently. > > > > While that can help on websites, it is of no use for full disk > > encryption passwords - at least not without jumping through some big > > hoops. > > > > In order to crack your LUKS password somebody obviously needs to be > > able to read the encrypted contents of your disk. They cannot begin > > cracking it until they have a copy of the LUKS headers. However, once > > they do have it, they can make a copy and crack it at their leisure. > > If they manage to crack it, then it will give them the volume key. At > > that point if they were able to make a full copy of your disk they can > > read whatever was on it at the time. If they can make a fresh copy of > > your disk then changing the passphrase will not change the volume key, > > and so they'll be able to read what is currently on your disk. > > > > Changing the volume key would defeat this, but requires running > > cryptsetup-reencrypt which will take considerable time/CPU, though it > > sounds like it can be done online. > > Let's jump into a hypothetical here. Let's say I'm a nasty terrorist or > some other really evil dude. Let's say I have passwords are that really > good. Let's say around 20 characters and a really nice mix of > characters. If some gov't agency got my hard drive, how long would it > take for them to crack it? A couple of minutes? https://xkcd.com/538/ :-)
signature.asc
Description: This is a digitally signed message part.