On Fri, Feb 01, 2008 at 03:16:47PM +0100, Michael wrote:
> Hi,
>
> thanks for your fast answer.
>
> Raimo Niskanen wrote:
> > Interesting idea, but I wonder if it is necessary...
>
> Maybe not necessary, but still something I'd like to try. So, any ideas?
>
> > Again, if I remember correctly; if your salt is random enough,
> > it need not be secret. It is just used to randomize your password.
> >
> > Attackers come with pre-calculated dictionaries and try
> > to crack your password, and if the salt is unknown to the
> > attacker until he/she gets into the system he/she will
> > have to re-calculate the whole dictionary with the
> > now known salt and rounds. And if the rounds is high
> > enough re-calculating a dictionary will not be feasible.
>
> Well, since I want to have the partition to be automagically mounted
> when I insert the USB stick (with the saltfile), having the HDD (with
> the modified mount_vnd on it) and the USB stick would be enough to
> decrypt it.

Aha, automagically as in not supplying a password. Then the password
also has to be with the saltfile, or in cleartext in the mount script
(hotplugd I guess). So the password is known if you have the HDD and
the USB stick. In effect, the saltfile is the password. Have I finally
got it?

So therefore you need a unique and constant signature of your
hardware... to become the salt and password. Sounds a bit like what M$
does to see when you install XP on too many hardwares.

Find as many serial numbers and product IDs of things on your
motherboard through existing hardware monitors, and run them through
MD5 or SHA.

Better or more specific ideas, anyone? Especially on which interesting
hardware info utilities there are.

>
>
> Michael

--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
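
The salt-and-rounds argument in the quoted text and the "saltfile is the password" conclusion in the reply, as an added example that is not part of the original message. PBKDF2-HMAC-SHA1, the round count, the wordlist and the passphrase are assumptions constructed for illustration.

```python
import hashlib
import os

# Constructed sample data: a tiny candidate wordlist (not from the thread).
WORDLIST = ["letmein", "puffy", "blowfish", "hunter2"]
ROUNDS = 2000  # assumed round count, kept small so the demo runs quickly


def derive_key(passphrase: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Salted, iterated key derivation (PBKDF2-HMAC-SHA1 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, rounds, dklen=20)


def build_table(salt: bytes, rounds: int = ROUNDS) -> dict:
    """Precompute key -> passphrase for one specific (salt, rounds) pair."""
    return {derive_key(word, salt, rounds): word for word in WORDLIST}


def lookup(table: dict, key: bytes):
    """Return the passphrase if the key is in the table, else None."""
    return table.get(key)


def demo() -> dict:
    guessed_salt = b"\x00" * 16   # what a table built in advance had to assume
    real_salt = os.urandom(16)    # random saltfile contents; need not be secret
    volume_key = derive_key("puffy", real_salt)

    stale = build_table(guessed_salt)  # precomputed before the salt was known
    fresh = build_table(real_salt)     # recomputed after reading the saltfile

    # Automount case: the passphrase sits beside the saltfile, so whoever
    # holds both derives the key directly, with no dictionary at all.
    automount_key = derive_key("puffy", real_salt)
    return {
        "stale_hit": lookup(stale, volume_key),
        "fresh_hit": lookup(fresh, volume_key),
        "automount_recovers_key": automount_key == volume_key,
        # Cost of rebuilding the table grows linearly with words and rounds.
        "prf_iterations_to_rebuild": len(WORDLIST) * ROUNDS,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The stale table misses because it was built for a different salt; the fresh one hits only after every candidate has been re-derived at the full round count, which is the cost the salt and rounds are there to impose.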