Info wrote: > I mount it to a loop device > #losetup -e AES128 -C 100 -S arandomlygeneratedseed -T \ > /dev/loop3 /image/file Above type setup is vulnerable to watermark attacks. Just FYI. > > I don´t want the key to be stored with the data on DVD. > I don't use the multikey mode because I don't have, and don't want, > encrypted swap, and it is my understanding that gpg can leak the content > of what it encrypts to swap. Take a look what kind of information gets written to swap: ssh sessions, passwords, credit card numbers, emails to your mistress, etc. You really don't want that kind of info recorded in non-volatile storage on disk. Swap is one of the worst anti-security features ever conceived. Encrypted swap solves that problem nicely. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
