Re: [gentoo-user] loop-aes + extra-ciphers...

[Chris Walters <cjw2004d@comcast.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Daniel Iliev wrote:
| On Tue, 24 Jun 2008 22:20:20 -0400
| Chris Walters <cjw2004d@comcast.net> wrote:
[snip]
| Perhaps they appear as kernel modules? I'm just guessing.

I think that is how they are supposed to appear, but I can't seem to get them
to compile, and the instructions are not too helpful.

[snip]

| Yes, you can have multiple passwords with dm-crypt-luks.

That is good.
[snip

| Never bothered to go so deep in the internals, but...
|
| I had a busyness laptop with non-sensitive (in my opinion) data, but
| the managers were quite paranoid about that, so I had to encrypt the
| drives to save myself the administrative trouble in case it was stolen.
| I followed the gentoo-wiki how-to [1] and found out that encrypting the
| hdd visibly slowed down the system.
|
| Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2],
| etc) can break those algorithms relatively easy. On the other hand even
| weaker algorithms can protect your data against laptop thieves.

That's more than a rumor.  Another three letter agency (NSA) has networks of
supercomputers that can brute force a passphrase is little time.  I am majoring
in mathematics, and plan to specialize in cryptology.  I doubt they'd let me
publish an algorithm that is very hard to break...  It is not that I'm terribly
paranoid about people getting my data, I just want to make it a little harder.
Of course, it is always possible to insert code that will send the unencrypted
data, once you've logged on - not easy for the casual user, but for the guru,
an easy thing.

| What I'm saying is that it is pointless to get very crazy about strong
| and heavy algorithms. After all if your enemies are not after your
| hardware, but after your data, they could always physically force you
| to reveal the password.

Yes, I suppose that they could do that, using torture or something like that.

[snip]
| Yes, you could do something like:
|
| head /dev/urandom | gpg --symmetric -a > key.gpg
| gpg --decrypt key.gpg | cryptsetup luksFormat /dev/some-block-device
| gpg --decrypt key.gpg | cryptsetup luksOpen /dev/some-block-device
|
|
| (The above commands are not correct, their sole purpose is to show the
| idea)

Thanks for the ideas, and for the links.  I will be checking them out.

| [1] System Encryption DM-Crypt with LUKS: http://tinyurl.com/clrk6
|
| [2] M.A.V.O.: http://tinyurl.com/4badqs ; http://tinyurl.com/4chhph :D

Regards,
Chris
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJIYmDJAAoJEIAhA8M9p9DA0skQAOOPam7lkhP6q+8XstmaUX5s
O0zIyEHyIjxi6o2cln60UVXFzac89VvJ4fXYWgA9KcagedGsbWCljp/92Xynyqng
3lnZUWPZPkr0+M5khbO8EKMfEOlx4klWkbXX7kbyNWiSs1b9uWoJJqcb7fpU0mc8
6/Z/4v2EmkTCML1UHdNYaJkeJL7Tr0OxfK0gt9V8xadcZAyJQbF1YpZCqtlBEpdn
Fom/tSwgpNn8Lxj5KdbFuNimflDDs4MlOfIsPUTm95mxlTw79YvTg2zqKEzmEvFE
Zu3q9867JbStBLUzWJ/sB1WdTWmULm8q1N4tgGC/si02lTHHkpNoX9Sey2fw/w2x
CrGBqALNyl3Buh2jMZY4+ALEr+YKnKIZFEybQtKlj971vtrj9s6m6yQM0GUoy41g
zzjuIBarrr0NYwZI2rGSF/9aSoksD7GD8JIeLlDuJMpRowwsuU50IwR7cBZ2LfpX
heNoxLdUfCdzeXeKOtyoPJNIvDv1LxwuUvlcxXT9vbU/ufvznCzOXlpKyoOWuL29
+aKJVKtzM4wCX+suqJZqva3npyXQMWnk45MjhE7KNvFA8k/OfBZkdxJ9F187iJi1
UoVNeenYgwogC4Y5jXKXdPNdaiFfe+byrIAmdWZOFYhPMBKY5OXO/pVcgp6kfAMe
DJDh7m7neS1/8IPmfmG0
=SUZm
-----END PGP SIGNATURE-----
-- 
gentoo-user@lists.gentoo.org mailing list