From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 7BFFD1382C5 for ; Sun, 7 Jun 2020 01:04:59 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 33DC6E0AAE; Sun, 7 Jun 2020 01:04:53 +0000 (UTC) Received: from mail-ed1-f46.google.com (mail-ed1-f46.google.com [209.85.208.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C2BA9E099F for ; Sun, 7 Jun 2020 01:04:52 +0000 (UTC) Received: by mail-ed1-f46.google.com with SMTP id k8so10467065edq.4 for ; Sat, 06 Jun 2020 18:04:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Q1V13tLMzSCSuvbm+eOHHWkfD1+mVWpLDOag5tWCI78=; b=JhaEKYW/Zq6H6CT5ze4aqAa8lGtD1SFwmTwYW4fvfKCs8H1x4Xmixk73fgw4ydu6b8 wDVUfzv91OGaTm4t9dTF4Hq0C46eNZTVg+GKaHe7sIk/1nHdTRZvadcwtnmeYPK/BWSP zAjPkwbr7hvjK6XAtpEEMY50MU+8k9axUa0ffTr6k12AdQLzUuXFbf5KDPNgqiEZzDox Bpu3xVhLKot/RhkDLI693j8CkXAy52XtLBe3LpK5+z/WmJ8jQ76EzUPLY67OlSlWf29k fa9jYuS4K66CDK+VxMaMKYWoByUVgnomvQ1KAGQTHKvbDIijE2hFsvFrrDIh6gMmd0MV v7Ag== X-Gm-Message-State: AOAM531rBmHZ1HNd8M0FcnXCzXg6vmeuSB+gaD7lyjoh/WvS0w0p6h2v QWjqzmJAM2pIl5uoWFr23YWPvtNk5EsRXjOzhPqXimZA X-Google-Smtp-Source: ABdhPJx1Po+N9SE2BXo28TchgPrUiykKq1rX5ga9tuoeoP3knJrQcBeacDFmsTMJMbowe26ah2A/Q56Ru9Lk30P0oZ8= X-Received: by 2002:a50:afa5:: with SMTP id h34mr16151156edd.34.1591491891134; Sat, 06 Jun 2020 18:04:51 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 References: <7e55092b-1914-da09-cb33-25aea63d2b22@gmail.com> <6a9ae564-14be-aa10-e0d3-d50fd82e3e3b@gmail.com> <7e2ee8c9-7956-39a4-e31b-6a3f40d08da9@gmail.com> In-Reply-To: <7e2ee8c9-7956-39a4-e31b-6a3f40d08da9@gmail.com> From: Rich Freeman Date: Sat, 6 Jun 2020 21:04:39 -0400 Message-ID: Subject: Re: [gentoo-user] Encrypting a hard drive's data. Best method. To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: cd63703a-db84-44e8-ac1c-672c325c6f0f X-Archives-Hash: abb11cf5aed345c41cdb7e5495169836 On Sat, Jun 6, 2020 at 8:47 PM Victor Ivanov wrote: > > On 06/06/2020 21:12, Rich Freeman wrote: > > Maybe we're miscommunicating, but it seems like you're moving the > > goalposts here. > > ... > > Your original point was, "The problem here is that a leaked header > > immediately means a compromised volume." > > I believe we're on the same page and it's indeed due to miscommunication > and I suspect this is where the main point of miscommunication lies. > You're taking my statement out of context. No doubt, I most certainly > could have phrased this part better and made it clearer. It may not have > been obvious but that sentence was aimed specifically in the context > where a weak password is used or, especially, when a password has been > compromised and how being able to change said password might have little > effect. In which case the point still stands - when a password is > compromised, there is a possibility that changing said password may not > necessarily be the end of the matter as the (old) header may or may not > have been leaked too either as part of the same or a previous attack - > not necessarily involving physical access. I think we're on the same page and just talking past each other. I didn't catch that as being the intended context, and in the scenario you describe you are of course completely correct. Thanks for bringing this point up though, as it isn't really something I'd given much thought to. -- Rich