Re: AW: AW: Hello and DVD-ROM encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Paul Wayper wrote:
> Jari Ruusu wrote:
> >If same key file is used for multiple partitions, then adversary can easily
> >detect what sectors are identical on different partitions.
> 
> Wouldn't this be negated by the fact that you're initialising the
> storage space for the ISO with /dev/urandom?  This would be a fairly
> good guarantee that blank sectors (the most likely things to be
> identical) are going to still be different.  I thought ISO images
> wouldn't include any unused blocks, anyway, which would also mean that
> blank sectors would be irrelevant.
> 
> And therefore, if you're not writing identical files in identical
> locations, isn't the risk associated with reusing a set of keys reduced?

But why would anyone use same key file? There is no reason to do that.

Peter's point was to keep the weakest part on USB-stick so attacker would
not have access to it. The weakest part is the human memorizable passphrase
that protects symmetrically encrypted key file or private keyring.

Nothing prevents you from encrypting the per DVD key file using public key
crypto and storing the weak part (human memorizable passphrase encrypted
private keyring) to USB-stick. Simply point the gpghome= mount option to
USB-stick (auto-)mounted directory.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux