On Friday 29 July 2005 04:13, Ralph Slooten wrote:
> Pupeno wrote:
> >>I use the dm-crypt from the kernel....
> >
> > I've read that it is unsecure and I also read that it is not yet very
> > well supported.
>
> You read wrong. Dm-crypt *is* the encryption technique now used in the
> kernel, and it wasn't chosen out of a hat. What you do with it can make
> it insecure though, like a postit with the password attached to the
> monitor ;-)
>
> As for being supported, well if something is actually in the kernel
> itself (without patches), then it IS fully supported. Dm-crypt is fully
> supported since linux 2.6.4

As I said in another message, what I read is that the userland tools weren't supporting dm-crypt properly. Probably I've read something that was outdated.

> Basically, as with any encryption, your secret is as safe as your
> password. There are of course tools to help you make your password even
> harder to crack, like hashalot, which basically sends your password
> through a pipe which hashes it into "greek" ;-)
>
> > I know I don't need a key, but I do want a key (stored in a removable
> > media) encrypted with a passphrase I will be able to change, or best, my
> > wife can have the key protected with a different passphrase than I do.
> > Beyond that, encrypting with a key is much better than doing that with a
> > passphrase because the passphrase can be cracked (dictionary attack)
> > while the key-encrypted that can't.
>
> It seems what you are looking for with your "key" is probably a GPG key
> needed to unlock your drive. This is definitely possible, but you will
> have to do the research yourself. I do know there are tutorials to use
> gpg keys with encryption passwords etc... and iirc there was a tutorial
> for loop-AES too on their site. If you need this is another story. I
> know that gpg can have two separate keys to do the same thing, so I
> presume separate keys and passwords are an option, but I have never
> ventured down that lane, as I'm not that paranoid. I use gpg myself for
> mailing, and encrypting certain files themselves, but I'm not paranoid
> enough to encrypt all my files with such heavy encryption. In fact, not
> even the US military is that bad. They now use 256bit AES encryption,
> which is the default of dm-crypt, and from an article I read it still
> would take them a couple of decades to crack.

I didn't mean to use gpg to encrypt the whole file system, that would be insane.

I mean that instead of using a password to encrypt, to use a generated key, which is stronger, and to encrypt that key with a password (and keep it on a removable media). But now that I think of it, I don't need that much security (Am I the only one that when reading about security gets paranoid?).

I'd like this: home to be encrypted in a way that can be mounted thru fstab asking the passphrase at mount-time, with the possibility to change the password easily. I think that can be achieved by using a key and encrypting the key on cryptoloop, or it is simpler on loop-AES, because the passphrase can be changed easily, right? What about dm-crypt? Is the passphrase changeable?

Thanks.
--
Pupeno <[EMAIL PROTECTED]> (http://pupeno.com)
Reading ? Science Fiction ? http://sfreaders.com.ar
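The scheme discussed in this thread (a random key protects the data, and that key is itself encrypted under a passphrase that can be changed or can differ per person), sketched as an added example that is not part of the original messages or of any tool named in them. It uses only the Python standard library, so the wrap is a PBKDF2-derived mask plus an HMAC tag standing in for a real key-wrap cipher; the function names, slot layout and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (constructed value for the example)

def derive_kek(passphrase: str, salt: bytes) -> bytes:
    # 64 bytes: the first 32 mask the volume key, the last 32 key the tag.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               ITERATIONS, dklen=64)

def wrap(volume_key: bytes, passphrase: str) -> dict:
    """Encrypt the 32-byte volume key under a passphrase (one 'slot')."""
    if len(volume_key) != 32:
        raise ValueError("volume key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per slot, so a mask is never reused
    kek = derive_kek(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(volume_key, kek[:32]))
    tag = hmac.new(kek[32:], salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(slot: dict, passphrase: str) -> bytes:
    """Recover the volume key; a wrong passphrase fails the tag check."""
    kek = derive_kek(passphrase, slot["salt"])
    expect = hmac.new(kek[32:], slot["salt"] + slot["ct"],
                      hashlib.sha256).digest()
    if not hmac.compare_digest(expect, slot["tag"]):
        raise ValueError("wrong passphrase or corrupted slot")
    return bytes(a ^ b for a, b in zip(slot["ct"], kek[:32]))

def change_passphrase(slot: dict, old: str, new: str) -> dict:
    # Only the small wrapped key is rewritten; data encrypted under the
    # volume key is untouched, which is why the change is cheap.
    return wrap(unwrap(slot, old), new)

if __name__ == "__main__":
    volume_key = os.urandom(32)  # the generated key that encrypts the disk
    # Two people, two passphrases, one volume key (constructed sample values).
    slots = {"user1": wrap(volume_key, "correct horse"),
             "user2": wrap(volume_key, "battery staple")}
    slots["user1"] = change_passphrase(slots["user1"], "correct horse",
                                       "a new passphrase")
    assert unwrap(slots["user1"], "a new passphrase") == volume_key
    assert unwrap(slots["user2"], "battery staple") == volume_key
    print("both slots still unlock the same volume key")
```

Changing the passphrase does not invalidate an older copy of the wrapped key: anyone who kept the old slot file and knows the old passphrase can still recover the volume key, so old copies on removable media should be destroyed.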