[Pkg-cryptsetup-devel] Re: What is the benefit of SSL/GnuPG
encrypting keys instead of XOR?
gebi at sbox.tugraz.at
gebi at sbox.tugraz.at
Wed Mar 22 21:59:59 UTC 2006
Quoting Max Vozeler <max at nusquama.org>:
hi,
> Yes, the two-factor authentication is one aspect. But more
> importantly IMHO: By using keyfiles at all, we can generate the
> actual keys from cryptographically secure PRNGs instead of deriving
> them from hashes of user-memorizable passphrases. Since we can't
> store those keyfiles in clear, either openssl or gnupg are used to
> encrypt them - this could be done with other software too.
LUKS should be exactly this ;).
Your passphrase is used to encrypt the master key for the luks
partition. Luks is also resistent against dictionary attacks (see
http://clemens.endorphin.org/publications).
greets,
Michael Gebetsroither
More information about the Pkg-cryptsetup-devel
mailing list