David wrote:
> Hi all - a few questions about some options in the build-init.sh script
> that comes with loop-aes.
>
> When using a gpg key to encrypt the drive, do the following options
> affect the security of the drive?
>
> # Optional password seed for root partition
> #PSEED="-S XXXXXX"
>
> # Optional password iteration count for root partition
> #ITERCOUNTK="-C 100"
>
> Meaning, even with a gpg key, should I have a 10000 iteration count and
> a strong (20+ chars, upper, lower, numbers, etc...) password, even
> though this password is not the one I have with my key? I want the
> drive secure!

Those obsolete options have meaning only in single-key mode. They are there
for backward compatibility only.

gpg does good salted+iterated key setup. Changed private keyring passphrase,
or symmetrically encrypted key files encrypted using patched version of gpg
do even more iteration for better resistance against dictionary attacks.

In other words, you don't need the above PSEED= and ITERCOUNTK= options.

--
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
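
The salted+iterated key setup mentioned in the reply above is the OpenPGP "iterated and salted S2K" (RFC 4880, section 3.7.1.3). The sketch below is an added illustration, not code from loop-AES, gpg or the original message. It shows how the salt and the coded count stored with the key file already play the roles of a seed and an iteration count. The passphrase, the random salts and the count byte 96 are constructed sample values.

```python
import hashlib
import os


def s2k_count(c: int) -> int:
    """Decode the one-octet coded count into the number of octets to hash."""
    return (16 + (c & 15)) << ((c >> 4) + 6)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, c: int,
                        key_len: int = 16, hash_name: str = "sha1") -> bytes:
    """Derive key_len octets with OpenPGP iterated+salted S2K."""
    if len(salt) != 8:
        raise ValueError("S2K salt must be exactly 8 octets")
    unit = salt + passphrase
    # The count is octets hashed, not rounds; salt+passphrase is always
    # hashed in full at least once, even if the count is smaller.
    total = max(s2k_count(c), len(unit))
    full, rest = divmod(total, len(unit))
    key = b""
    context = 0
    while len(key) < key_len:
        # Keys longer than one digest use extra hash contexts, each
        # preloaded with one more zero octet than the previous one.
        h = hashlib.new(hash_name, b"\x00" * context)
        for _ in range(full):
            h.update(unit)
        h.update(unit[:rest])
        key += h.digest()
        context += 1
    return key[:key_len]


def compare_salts(passphrase: bytes, c: int = 96):
    """Same passphrase, two random salts: the derived keys must differ."""
    salt_a, salt_b = os.urandom(8), os.urandom(8)
    return (s2k_iterated_salted(passphrase, salt_a, c),
            s2k_iterated_salted(passphrase, salt_b, c))


if __name__ == "__main__":
    key_a, key_b = compare_salts(b"constructed sample passphrase")
    print("octets hashed per guess at c=96: ", s2k_count(96))
    print("octets hashed per guess at c=255:", s2k_count(255))
    print("key with salt A:", key_a.hex())
    print("key with salt B:", key_b.hex())
```

Because the salt differs per key file, a precomputed dictionary cannot be reused across files, and raising the count byte raises the cost of every passphrase guess.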