From mboxrd@z Thu Jan  1 00:00:00 1970
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
References: <ddcf7e41-ef39-eae8-ba36-82efc057a1ee@gmail.com>
 <7e55092b-1914-da09-cb33-25aea63d2b22@gmail.com> <CAGfcS_=Qt6=hjTWpPvN+zHabagnQvazeqgZu9Qi74utWPeuj0A@mail.gmail.com>
 <6a9ae564-14be-aa10-e0d3-d50fd82e3e3b@gmail.com> <CAGfcS_kxEU_y7d8cTbg7sbXOtdKgaUmt7i_05vYVFahc1SBtTQ@mail.gmail.com>
 <7e2ee8c9-7956-39a4-e31b-6a3f40d08da9@gmail.com>
In-Reply-To: <7e2ee8c9-7956-39a4-e31b-6a3f40d08da9@gmail.com>
From: Rich Freeman <rich0@gentoo.org>
Date: Sat, 6 Jun 2020 21:04:39 -0400
Message-ID: <CAGfcS_ncL5UcqwHBDAUEJXV5ePP36in+MVCjbBcgBHj3gRfQgQ@mail.gmail.com>
Subject: Re: [gentoo-user] Encrypting a hard drive's data. Best method.
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset="UTF-8"

On Sat, Jun 6, 2020 at 8:47 PM Victor Ivanov <vic.m.ivanov@gmail.com> wrote:
>
> On 06/06/2020 21:12, Rich Freeman wrote:
> > Maybe we're miscommunicating, but it seems like you're moving the
> > goalposts here.
> > ...
> > Your original point was, "The problem here is that a leaked header
> > immediately means a compromised volume."
>
> I believe we're on the same page and it's indeed due to miscommunication
> and I suspect this is where the main point of miscommunication lies.
> You're taking my statement out of context. No doubt, I most certainly
> could have phrased this part better and made it clearer. It may not have
> been obvious but that sentence was aimed specifically in the context
> where a weak password is used or, especially, when a password has been
> compromised and how being able to change said password might have little
> effect. In which case the point still stands - when a password is
> compromised, there is a possibility that changing said password may not
> necessarily be the end of the matter as the (old) header may or may not
> have been leaked too either as part of the same or a previous attack -
> not necessarily involving physical access.

I think we're on the same page and just talking past each other.  I
didn't catch that as being the intended context, and in the scenario
you describe you are of course completely correct.

Thanks for bringing this point up though, as it isn't really something
I'd given much thought to.

-- 
Rich
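
Added example, not part of the original message: a simplified model of the scenario agreed on above, where a passphrase change re-wraps the same volume key, so an older copy of the header plus the old passphrase still recovers it. The header layout, the XOR wrap and all names are assumptions made for illustration, not the on-disk format of any real tool.

```python
import hashlib
import hmac
import os


def _kek(passphrase: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the passphrase (iteration count kept low for the demo).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=32)


def make_header(volume_key: bytes, passphrase: str) -> dict:
    """Wrap the volume key under a passphrase. XOR with a one-time KEK is a toy wrap."""
    salt = os.urandom(16)
    kek = _kek(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, kek))
    return {"salt": salt, "wrapped": wrapped,
            "check": hmac.new(kek, wrapped, "sha256").digest()}


def unlock(header: dict, passphrase: str):
    """Return the volume key, or None if the passphrase does not fit this header."""
    kek = _kek(passphrase, header["salt"])
    expected = hmac.new(kek, header["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expected, header["check"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], kek))


def change_passphrase(header: dict, old: str, new: str) -> dict:
    """Re-wrap the SAME volume key under a new passphrase; data on disk is untouched."""
    volume_key = unlock(header, old)
    if volume_key is None:
        raise ValueError("wrong passphrase")
    return make_header(volume_key, new)


def scenario() -> dict:
    volume_key = os.urandom(32)                       # key the data is encrypted with
    old_header = make_header(volume_key, "old-pass")  # constructed: copy assumed leaked earlier
    new_header = change_passphrase(old_header, "old-pass", "new-pass")
    rotated_key = os.urandom(32)                      # fresh key, i.e. data re-encrypted
    rotated_header = make_header(rotated_key, "new-pass")
    return {
        "old_pass_on_current_header": unlock(new_header, "old-pass") is not None,
        "leaked_header_yields_current_key": unlock(old_header, "old-pass") == volume_key,
        "leaked_header_yields_rotated_key": unlock(old_header, "old-pass") == rotated_key,
        "new_pass_on_rotated_header": unlock(rotated_header, "new-pass") == rotated_key,
    }
```

In this model only generating a fresh volume key and re-encrypting the data makes the old header copy useless; changing the passphrase alone does not.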