On 05/17/2010 11:14 AM, Stefan G. Weichinger wrote:
> Am 16.05.2010 14:36, schrieb Jan Engelhardt:
>> [Replying to
>> In my personal opinion, both the quality of shell commands and key
>> generation is suboptimal. What makes it bad is that people follow
>> First, it generates a key which does not exploit the entire space.
>> People claim it's because they want an ASCII readout, but frankly,
>> you get the same with `hexdump -C`.
>> Second, it's using echo without the -n parameter, thus implicitly
>> inserting a newline into the key -- which is the cause for yoru
>> observed mounting problems.
>> Third, because you are passing the key via stdin into cryptsetup, it
>> only uses the first line of whatever you pipe into it; whereas
>> pam_mount uses the entire keyfile as it is supposed to be.
>> (Fourth, the howto suggests ECB, which, well, looks rather weak
>> considering the ECB's Tux picture on Wikipedia.)
>> All of that should be in doc/bugs.txt, and mount.crypt even warns
>> about ECB. You really cannot ignore seeing that.
> Jan, thanks for your suggestions.
> I created a new LUKS-volume and tried to avoid all the mentioned
> pitfalls (I used "echo -n", avoided stdin etc.), but this didn't help here.
> The new volume is not mounted with pam_mount-2.1, but mounted OK with
> And, btw, as mentioned in the original thread, I use CBC, not ECB ;-)
> -- Your CCing Daniel didn't work maybe, wrong address, I corrected it
> for this reply)
> -- I CC: firstname.lastname@example.org to link to the gentoo bug
> Thanks, regards, Stefan
In a more general discussion I wonder what the advantage of using a SSL
encrypted key for HDD-encryption is.
As the SSL-keyfile is as well protected as the password to decrypt it is
"difficult", so would be a directly encrypted HDD with the same password
- or not?
If this assumption is correct, then I think the direct approach would be
better, as in "less complexity - less errors".
<For the paranoid>
I think it is much easier to hide a trojan/keylogger on an unencrypted
root-partition than in an initramfs - and not be detected. (Both is easy
to do, but the latter can be detected easier.) Unfortunately that
detection is never done... after opening the root-dev some form of
file-/partition-manipulation check should run. Though the kernel could
be already compromised... Only a secure boot-path like with TCG is
really secure... well this is only if you fear strong attackers, and not
only loosing your notebook
I head that really strong attackers would
hide a keylogger beneath your keyboard... but if you have that kind of
opponent, then you really have other problems too
</For the paranoid>
Anyway - if your /tmp is not encrypted you should put it on a ram-disk:
gives you speed and privacy in case of robbery. Also important is to
have the screensaver lock the screen.
On a technical note: I use "xts" as I read it's a good (although new) algo.
BTW: No need to CC mailing list mails to me - I'll read and reply the
ML-thread when I have time
PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887&op=get
# gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887