-----BEGIN PGP SIGNED MESSAGE-----
Daniel Iliev wrote:
| On Tue, 24 Jun 2008 22:20:20 -0400
| Chris Walters <firstname.lastname@example.org> wrote:
| Perhaps they appear as kernel modules? I'm just guessing.
I think that is how they are supposed to appear, but I can't seem to get them
to compile, and the instructions are not too helpful.
| Yes, you can have multiple passwords with dm-crypt-luks.
That is good.
| Never bothered to go so deep in the internals, but...
| I had a busyness laptop with non-sensitive (in my opinion) data, but
| the managers were quite paranoid about that, so I had to encrypt the
| drives to save myself the administrative trouble in case it was stolen.
| I followed the gentoo-wiki how-to  and found out that encrypting the
| hdd visibly slowed down the system.
| Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. ,
| etc) can break those algorithms relatively easy. On the other hand even
| weaker algorithms can protect your data against laptop thieves.
That's more than a rumor. Another three letter agency (NSA) has networks of
supercomputers that can brute force a passphrase is little time. I am majoring
in mathematics, and plan to specialize in cryptology. I doubt they'd let me
publish an algorithm that is very hard to break... It is not that I'm terribly
paranoid about people getting my data, I just want to make it a little harder.
Of course, it is always possible to insert code that will send the unencrypted
data, once you've logged on - not easy for the casual user, but for the guru,
an easy thing.
| What I'm saying is that it is pointless to get very crazy about strong
| and heavy algorithms. After all if your enemies are not after your
| hardware, but after your data, they could always physically force you
| to reveal the password.
Yes, I suppose that they could do that, using torture or something like that.
| Yes, you could do something like:
| head /dev/urandom | gpg --symmetric -a > key.gpg
| gpg --decrypt key.gpg | cryptsetup luksFormat /dev/some-block-device
| gpg --decrypt key.gpg | cryptsetup luksOpen /dev/some-block-device
| (The above commands are not correct, their sole purpose is to show the
Thanks for the ideas, and for the links. I will be checking them out.
|  System Encryption DM-Crypt with LUKS: http://tinyurl.com/clrk6
|  M.A.V.O.: http://tinyurl.com/4badqs ; http://tinyurl.com/4chhph
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
email@example.com mailing list