So answering your forwarded Mail Thread.

What's the reason?

Because your disk encryption stands and falls with the complexity of your
passphrase. And if you were able to use a keydisk to encrypt your
hard drive it would be WAY harder to brute-force your keydisk rather than
your passphrase.

This advantage is kind of "compromised" by the fact that the keydisk
could be easily stolen or copied.

-> keydisk encryption to mitigate that. 

Overcomplicated? Not so much.

I'm at it so far implementing the diff. I'll see how that goes.


On 2019-10-24 03:31, Aaron Mason wrote:
> On Thu, Oct 24, 2019 at 10:44 AM List <l...@md5collisions.eu> wrote:
>> One would obviously NOT store the key on hard disk. That wouldn't make
>> any sense and is not necessary.
>>
>> This could be similarly achieved as the normal FDE with passphrase. But
>> instead of the actual hard disk as target, the target of the "yet to
>> implement" encryption of the keydisk would be the key on the keydisk
>> itself.
>>
> So how would the system access the key if it's encrypted?
>
>> g
>>
>> On 2019-10-22 23:40, Aaron Mason wrote:
>>> On Wed, Oct 23, 2019 at 5:11 AM List <l...@md5collisions.eu> wrote:
>>>> I'm sorry I might have not been so clear about it. I meant a way to
>>>> encrypt the actual keydisk with a passphrase.
>>>>
>>>> On 2019-10-18 13:34, Jan Stary wrote:
>>>>>>> On Wednesday, October 16, 2019 11:06 PM, List <l...@md5collisions.eu> 
>>>>>>> wrote:
>>>>>>>> I was wondering if there is a reason for the lack of keydisk 
>>>>>>>> encryption.
>>>>> $ man bioctl
>>>>> # bioctl -h -v -c C ...
>>>>>
>>> To what end?  At some point you're going to have to store the
>>> passphrase somewhere it can be easily read, and all you've really
>>> achieved is a way to, at best, slow down a potential attacker.
>>>
>

Attachment: signature.asc
Description: OpenPGP digital signature
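
The passphrase-protected keydisk discussed in this thread, sketched as an added example (not code from any participant, and not how OpenBSD softraid or bioctl is implemented): the keydisk stores only a wrapped copy of the random disk key, and the system unwraps it at boot from the typed passphrase. Assumptions: the function names, blob layout and round counts are hypothetical, and a PBKDF2-derived XOR mask plus an HMAC tag stands in for a real key-wrap or AEAD because the Python standard library has no AES.

```python
import hashlib, hmac, secrets, struct

ROUNDS = 200_000        # assumed work factor; tune to the boot hardware
MAX_ROUNDS = 10_000_000 # refuse absurd values read from an untrusted keydisk
KEY_LEN = 32            # size of the random disk key

def _derive(passphrase, salt, rounds):
    """Stretch the passphrase into a 32-byte mask and a 32-byte MAC key."""
    out = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, rounds, 2 * KEY_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]

def wrap_key(disk_key, passphrase, rounds=ROUNDS):
    """Build the keydisk blob: rounds || salt || masked key || tag."""
    if len(disk_key) != KEY_LEN:
        raise ValueError("disk key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt per wrap, so a mask is never reused
    mask, mac_key = _derive(passphrase, salt, rounds)
    masked = bytes(a ^ b for a, b in zip(disk_key, mask))
    header = struct.pack(">I", rounds)
    tag = hmac.new(mac_key, header + salt + masked, hashlib.sha256).digest()
    return header + salt + masked + tag

def unwrap_key(blob, passphrase):
    """Recover the disk key; ValueError on wrong passphrase or a modified blob."""
    if len(blob) != 4 + 16 + KEY_LEN + 32:
        raise ValueError("malformed keydisk blob")
    header, salt = blob[:4], blob[4:20]
    masked, tag = blob[20:20 + KEY_LEN], blob[20 + KEY_LEN:]
    (rounds,) = struct.unpack(">I", header)
    if not 1 <= rounds <= MAX_ROUNDS:
        raise ValueError("implausible round count")
    mask, mac_key = _derive(passphrase, salt, rounds)
    expected = hmac.new(mac_key, header + salt + masked, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time check before unmasking
        raise ValueError("wrong passphrase or modified keydisk")
    return bytes(a ^ b for a, b in zip(masked, mask))

if __name__ == "__main__":
    disk_key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    blob = wrap_key(disk_key, "constructed sample passphrase")
    assert unwrap_key(blob, "constructed sample passphrase") == disk_key
    print(len(blob), "bytes would be written to the keydisk")
```

A copied keydisk then yields the disk key only to someone who also knows the passphrase, and a guessed passphrase alone is useless without the keydisk.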
