From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1KBWhe-0006ai-HJ for garchives@archives.gentoo.org; Wed, 25 Jun 2008 15:14:34 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CF2B6E030D; Wed, 25 Jun 2008 15:14:32 +0000 (UTC) Received: from QMTA09.westchester.pa.mail.comcast.net (qmta09.westchester.pa.mail.comcast.net [76.96.62.96]) by pigeon.gentoo.org (Postfix) with ESMTP id A2D70E030D for ; Wed, 25 Jun 2008 15:14:32 +0000 (UTC) Received: from OMTA05.westchester.pa.mail.comcast.net ([76.96.62.43]) by QMTA09.westchester.pa.mail.comcast.net with comcast id iEzu1Z00M0vyq2s5905E00; Wed, 25 Jun 2008 15:14:32 +0000 Received: from [68.61.219.200] ([68.61.219.200]) by OMTA05.westchester.pa.mail.comcast.net with comcast id iFEQ1Z00G4L0yh83RFERpd; Wed, 25 Jun 2008 15:14:25 +0000 X-Authority-Analysis: v=1.0 c=1 a=JN1OLPh-zVUA:10 a=zXUnsmeS2A4A:10 a=6D-Hy7tQAAAA:8 a=FZCW_-O0Tg_MOFk2bNAA:9 a=i0wIZaWYAu9OuG_KKRUA:7 a=i4-QcdmTog1D6vm4hPYHiUhC6wAA:4 a=ngRKYEkNHxAA:10 a=ejhWE5vRYPsA:10 a=YLT1EJ14glEA:10 a=si9q_4b84H0A:10 a=rPt6xJ-oxjAA:10 Message-ID: <486260CC.109@comcast.net> Date: Wed, 25 Jun 2008 11:14:20 -0400 From: Chris Walters User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080421 Thunderbird/2.0.0.14 Mnenhy/0.7.5.666 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] loop-aes + extra-ciphers... References: <4861AB64.9000709@comcast.net> <20080625162022.5c4d5e35@ilievnet.com> In-Reply-To: <20080625162022.5c4d5e35@ilievnet.com> X-Enigmail-Version: 0.95.6 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: 33abf07a-db4f-472b-ab1d-8a70b329aac5 X-Archives-Hash: 3dae390789167e590460009d38ef95a7 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Daniel Iliev wrote: | On Tue, 24 Jun 2008 22:20:20 -0400 | Chris Walters wrote: [snip] | Perhaps they appear as kernel modules? I'm just guessing. I think that is how they are supposed to appear, but I can't seem to get them to compile, and the instructions are not too helpful. [snip] | Yes, you can have multiple passwords with dm-crypt-luks. That is good. [snip | Never bothered to go so deep in the internals, but... | | I had a busyness laptop with non-sensitive (in my opinion) data, but | the managers were quite paranoid about that, so I had to encrypt the | drives to save myself the administrative trouble in case it was stolen. | I followed the gentoo-wiki how-to [1] and found out that encrypting the | hdd visibly slowed down the system. | | Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2], | etc) can break those algorithms relatively easy. On the other hand even | weaker algorithms can protect your data against laptop thieves. That's more than a rumor. Another three letter agency (NSA) has networks of supercomputers that can brute force a passphrase is little time. I am majoring in mathematics, and plan to specialize in cryptology. I doubt they'd let me publish an algorithm that is very hard to break... It is not that I'm terribly paranoid about people getting my data, I just want to make it a little harder. Of course, it is always possible to insert code that will send the unencrypted data, once you've logged on - not easy for the casual user, but for the guru, an easy thing. | What I'm saying is that it is pointless to get very crazy about strong | and heavy algorithms. After all if your enemies are not after your | hardware, but after your data, they could always physically force you | to reveal the password. Yes, I suppose that they could do that, using torture or something like that. [snip] | Yes, you could do something like: | | head /dev/urandom | gpg --symmetric -a > key.gpg | gpg --decrypt key.gpg | cryptsetup luksFormat /dev/some-block-device | gpg --decrypt key.gpg | cryptsetup luksOpen /dev/some-block-device | | | (The above commands are not correct, their sole purpose is to show the | idea) Thanks for the ideas, and for the links. I will be checking them out. | [1] System Encryption DM-Crypt with LUKS: http://tinyurl.com/clrk6 | | [2] M.A.V.O.: http://tinyurl.com/4badqs ; http://tinyurl.com/4chhph :D Regards, Chris -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJIYmDJAAoJEIAhA8M9p9DA0skQAOOPam7lkhP6q+8XstmaUX5s O0zIyEHyIjxi6o2cln60UVXFzac89VvJ4fXYWgA9KcagedGsbWCljp/92Xynyqng 3lnZUWPZPkr0+M5khbO8EKMfEOlx4klWkbXX7kbyNWiSs1b9uWoJJqcb7fpU0mc8 6/Z/4v2EmkTCML1UHdNYaJkeJL7Tr0OxfK0gt9V8xadcZAyJQbF1YpZCqtlBEpdn Fom/tSwgpNn8Lxj5KdbFuNimflDDs4MlOfIsPUTm95mxlTw79YvTg2zqKEzmEvFE Zu3q9867JbStBLUzWJ/sB1WdTWmULm8q1N4tgGC/si02lTHHkpNoX9Sey2fw/w2x CrGBqALNyl3Buh2jMZY4+ALEr+YKnKIZFEybQtKlj971vtrj9s6m6yQM0GUoy41g zzjuIBarrr0NYwZI2rGSF/9aSoksD7GD8JIeLlDuJMpRowwsuU50IwR7cBZ2LfpX heNoxLdUfCdzeXeKOtyoPJNIvDv1LxwuUvlcxXT9vbU/ufvznCzOXlpKyoOWuL29 +aKJVKtzM4wCX+suqJZqva3npyXQMWnk45MjhE7KNvFA8k/OfBZkdxJ9F187iJi1 UoVNeenYgwogC4Y5jXKXdPNdaiFfe+byrIAmdWZOFYhPMBKY5OXO/pVcgp6kfAMe DJDh7m7neS1/8IPmfmG0 =SUZm -----END PGP SIGNATURE----- -- gentoo-user@lists.gentoo.org mailing list