-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-07-22 08:15, TheFactory wrote: > Another good use for this feature is that you can pre-program in some > landmines to destroy the drive and overcome brute force. Since the LUKS > password prompt on my install of 3.2 has little to no delay between > password attempts one could use a mid range gpu to try millions of > passwords. The drive itself can be copied dozens of times to increase the > chances of getting the password. >
You can configure the iteration time manually by following the instructions here: https://www.qubes-os.org/doc/encryption-config/ Remember that the actual number of iterations depends on the speed of your hardware. The cryptsetup default is one second (1000 milliseconds). > However if > > If you had a limit of 10 or 20 tries before drive wipe. > > And had a dozen or more fake passwords that would induce drive wipe. > > And had some sort of delay in each password attempt built in.(veracrypt > takes forever to process your password input for instance) > > Using tpm ontop of this would also at least frustrate their attempts at > mirroring the drive. > > You could be reasonably certian that even powerful attempts at getting the > drive open will be hopeless. Though, you may get yourself in some physical > trouble. > > I have wanted features like the above ones for some time. > As Andrew pointed out, offline brute forcing doesn't work this way. Attackers wouldn't attempt to brute force your encrypted drive using your hardware and software. They would just take a copy the ciphertext and attempt to decrypt it with their own software on their own (much more powerful) hardware. (However, the use of a TPM would make a difference here, for the reason Andrew points out.) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXkqY8AAoJENtN07w5UDAwZXAP/ij0gz89b4uLroC8FGvUpq7i BeeNmyZzTYJzrRpp/BuUzUeCRJpbiNX1qaNTgQrhCvErXcPtj0UB1pzUG4JFIU1c DfJkHiVWpK33q95oiJg6XlitWN/3bzjBN1g6oeK9v0tcyrQtdhACcJnP5z9EttDP 43PiQ0vvGPwzGYRTmGAW0swF5jGemAYtF3oFSwuoe9brScgZ61XRep3kyBIIeZy0 cWMQEfaFVa4wn5w73t1VVnk6//FlA7SBhqW16romN1Wlq0Cu7It1kP4ShhId722n UL015dmvxAPlKcqjSSrNoBtZqJeg+37W5ewMJUlAZb7brMiW9qQ+S72k7pN8Degf alCOO5LFwXo6mw8a/4GNg6/zAeQ7fJm9/3Xus/HU01qqUWBXC0HkAxLFWNR9/OsY NIQKLsiSMe+Hn1XHgBjGaOngkP4M1HrcSnrjwGu3nCn6YTe1DQMODAFrJ00x4zHc 0KZsvM7DL3hAsYbBjeUqx0WgucXQMLZiraBGvGQpw9uZcmHz0M4rVbNxN+iogX7q JBMqV3y8JKMAijpZHYAerzMaqUTjl/JcRYSUDDTMlZxl4k20tD9tX2tWqwWXgKqw vOkleOXKw7pDUWPtuKV8nDW3tSm6w8ZrMk5srtxv2GS6T5+QII6FPO7K+NEAgu0x KFQ17AyCiFlZeVxYeNct =QqBa -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f5f44f77-0534-3b1a-077e-55fcb3ebb2ca%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
