[Pkg-cryptsetup-devel] Re: What is the benefit of SSL/GnuPG
encrypting keys instead of XOR?
Jonas Meurer
jonas at freesources.org
Thu Mar 23 00:12:08 UTC 2006
On 22/03/2006 gebi at sbox.tugraz.at wrote:
> >Yes, the two-factor authentication is one aspect. But more
> >importantly IMHO: By using keyfiles at all, we can generate the
> >actual keys from cryptographically secure PRNGs instead of deriving
> >them from hashes of user-memorizable passphrases. Since we can't
> >store those keyfiles in clear, either openssl or gnupg are used to
> >encrypt them - this could be done with other software too.
>
> LUKS should be exactly this ;).
> Your passphrase is used to encrypt the master key for the luks
> partition. Luks is also resistent against dictionary attacks (see
> http://clemens.endorphin.org/publications).
you're correct. and according to clemens the key/passphrase which is
used to decrypt the master key is hashed to a fixed length anyway. in
other words: encrypted keys don't have any advantages over a passphrase.
this means, that support for openssl/gnupg encrypted keys is useless for
luks, isn't it?
clemens, can you confirm this?
...
jonas
More information about the Pkg-cryptsetup-devel
mailing list