On 2/1/08, Michael <[EMAIL PROTECTED]> wrote: > Before I get to my real question... the mount_vnd option "rounds". What > does it really do and which would be a good value? Does it depend? if > so, on what? The size of the saltfile or length of the password?
the minimum value is "longer than your attack will wait" and the max value is "as long as you are willing to wait". but since you've decided to store the key with the data, it makes absolutely no difference. attackers don't have to crack the key when you give it to them. > Ok, back to topic. I was thinking about to use a saltfile which consists > of the keyfile on the USB stick, but also of some checksum or some other > information gathered from the hardware, so it would only be possible to > decrypt the partition on the same hardware, so even if you steal or copy > the HDD and the USB stick, decrypting would be impossible. your attacker is going to take the time to remove the hard drive before stealing it? how polite.
