Date: Wed, 25 Jun 2008 16:20:22 +0300
From: Daniel Iliev
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] loop-aes + extra-ciphers...

On Tue, 24 Jun 2008 22:20:20 -0400
Chris Walters wrote:

> Thanks to all who replied to my previous question. This question is
> related. Has anyone gotten the 'extra-ciphers' (you can get them from
> the loop-aes site) to compile with the loop-aes kernel patch in
> place? If so, could you give me a hint on how to do this?

Perhaps they appear as kernel modules? I'm just guessing.

> Also, someone said that it was possible to encrypt using multiple
> passphrases using dm-crypt. To be clear, are we talking about the
> same type of multiple passphrases that can be used with AES and
> Serpent with loop-aes?

Yes, you can have multiple passwords with dm-crypt-luks.

> In other words, you set up a number of
> passphrases (64 or 65), and the first block uses the first
> passphrase, the second block uses the second one, etc. The 65th
> passphrase is added to the hash of the encryption passphrase.

Never bothered to go so deep in the internals, but...

I had a business laptop with non-sensitive (in my opinion) data, but
the managers were quite paranoid about that, so I had to encrypt the
drives to save myself the administrative trouble in case it was stolen.
I followed the gentoo-wiki how-to [1] and found out that encrypting the
hdd visibly slowed down the system.

Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2],
etc) can break those algorithms relatively easily. On the other hand,
even weaker algorithms can protect your data against laptop thieves.
What I'm saying is that it is pointless to get very crazy about strong
and heavy algorithms. After all, if your enemies are not after your
hardware, but after your data, they could always physically force you
to reveal the password.

> Also (as if that weren't enough), is it possible to encrypt the
> passphrases or keys in dm-crypt with gnupg, like it is with
> loop-aes? If so, please give examples.
>

Yes, you could do something like:

    head /dev/urandom | gpg --symmetric -a > key.gpg
    gpg --decrypt key.gpg | cryptsetup luksFormat /dev/some-block-device
    gpg --decrypt key.gpg | cryptsetup luksOpen /dev/some-block-device

(The above commands are not correct; their sole purpose is to show the
idea)

[1] System Encryption DM-Crypt with LUKS: http://tinyurl.com/clrk6
[2] M.A.V.O.: http://tinyurl.com/4badqs ; http://tinyurl.com/4chhph :D

-- 
Best regards,
Daniel
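
A working form of the idea sketched in the message above, as an added example that is not part of the original post: the key is generated at a fixed length, stored only in GnuPG-encrypted form, and handed to cryptsetup on stdin with --key-file=-. The function names, the base64 key encoding, and the caller-supplied key file, device and mapping name are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep a LUKS key only in GnuPG-encrypted form.
# Key file, device and mapping name are caller-supplied (assumptions,
# not values from the post). The key is base64 text so it can be held
# in a shell variable, which cannot store the NUL bytes of a raw key.

# make_key KEYFILE: 48 random bytes -> 64 base64 chars, no newline.
make_key() {
    ( umask 077
      head -c 48 /dev/urandom | base64 | tr -d '\n' |
          gpg --symmetric --armor --output "$1" )
}

# unwrap_key KEYFILE: print the decrypted key; non-zero if gpg fails.
unwrap_key() {
    gpg --quiet --decrypt "$1"
}

# format_volume KEYFILE DEVICE: write a LUKS header (destroys DEVICE).
# Decrypting first means cryptsetup never runs on a failed decrypt.
format_volume() {
    key=$(unwrap_key "$1") || { echo "cannot decrypt $1" >&2; return 1; }
    printf '%s' "$key" |
        cryptsetup --batch-mode --key-file=- luksFormat "$2"
}

# open_volume KEYFILE DEVICE NAME: map DEVICE at /dev/mapper/NAME.
open_volume() {
    key=$(unwrap_key "$1") || { echo "cannot decrypt $1" >&2; return 1; }
    printf '%s' "$key" |
        cryptsetup --key-file=- luksOpen "$2" "$3"
}

# Dispatch only when called with a sub-command.
case "${1:-}" in
    make)   make_key "$2" ;;
    format) format_volume "$2" "$3" ;;
    open)   open_volume "$2" "$3" "$4" ;;
esac
```

gpg needs a terminal for its passphrase prompt, so export GPG_TTY=$(tty) first if the prompt does not appear.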