Re: decrypting partition only on one single hardware? | KernelTrap

Re: decrypting partition only on one single hardware?

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Ted Unangst <ted.unangst@...>

To: Michael <belenus@...>

Cc: <misc@...>

Subject: Re: decrypting partition only on one single hardware?

Date: Monday, February 4, 2008 - 1:03 am

On 2/1/08, Michael wrote:

quoted text

> Before I get to my real question... the mount_vnd option "rounds". What
> does it really do and which would be a good value? Does it depend? if
> so, on what? The size of the saltfile or length of the password?

the minimum value is "longer than your attack will wait" and the max
value is "as long as you are willing to wait". but since you've
decided to store the key with the data, it makes absolutely no
difference. attackers don't have to crack the key when you give it to
them.

> Ok, back to topic. I was thinking about to use a saltfile which consists

quoted text

> of the keyfile on the USB stick, but also of some checksum or some other
> information gathered from the hardware, so it would only be possible to
> decrypt the partition on the same hardware, so even if you steal or copy
> the HDD and the USB stick, decrypting would be impossible.

your attacker is going to take the time to remove the hard drive
before stealing it? how polite.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

decrypting partition only on one single hardware?, Michael, (Fri Feb 1, 6:49 am)

Re: decrypting partition only on one single hardware?, Ted Unangst, (Mon Feb 4, 1:03 am)

Re: decrypting partition only on one single hardware?, Raimo Niskanen, (Fri Feb 1, 7:20 am)

Re: decrypting partition only on one single hardware?, Michael, (Fri Feb 1, 10:16 am)

Re: : decrypting partition only on one single hardware?, Raimo Niskanen, (Fri Feb 1, 11:27 am)

Re: : decrypting partition only on one single hardware?, Joachim Schipper, (Fri Feb 1, 12:07 pm)

Navigation

Popular discussions


linux-kernel:
debian developer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Linus Torvalds	Re: Slow DOWN, please!!!
Tony Lindgren	[PATCH 37/90] ARM: OMAP: MPUIO wake updates
git:

linux-netdev:
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
Alexey Dobriyan	Re: [GIT]: Networking
Dushan Tcholich	Re: ksoftirqd high cpu load on kernels 2.6.24 to 2.6.27-rc1-mm1
openbsd-misc:

Colocation donated by:

Who's online

There are currently 3 users and 746 guests online.

Online users

Syndicate