--- Peter Grandi <pg_lcry@xxxxxxxxxxxxxxxxxxx> wrote:

> I'd like to learn why you think that to remove the passphrase from your
> memory and to "put the passphrase in a gpg keyfile" instead might
> conceivably result in "better security".

If someone manages to hack my box, s/he could easily install a key logger and sniff the passphrase. With the key file solution, the hacker can only get the passphrase that decodes the key file. But, as I would put the file on a USB memory stick, which is only shortly plugged in while mounting the partition, s/he would have some additional effort in order to also get the file. A simple key logger does not suffice anymore then.

> Now, if you intend instead to create a new random private key, and use
> that instead of the passphrase as the cipher key, and reencrypt your
> partition, presumably you can use 'aespipe' twice to do that.

I never thought a re-encryption of a partition would be possible. Where can I find any additional information on that subject? I guess this includes some significant risk of losing all the data on the disk, in case something goes wrong.

> Arguably switching from a passphrase to a random private key in a GPG
> file might slightly improve ``security'' whatever that is, in some
> vaguely plausible scenarios, even if I am a bit sceptical.

The AES-loop readme contains some information on the differences in security for the various encryption options. It sounds quite plausible to me.

Thomas

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/