Re: dm-crypt with LUKS versus loop-AES multi-key v3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
as i know, the watermark attack issue has been solved by using the ESSIV option . about moving the keys to an usb stick, i belive is not such a good ideea, it depends on what you want to protect. The encryption agorithms are strong and almost 'perfect' in theory ... is the implementation that usually has some issues. 

Cheers
Dan


Michael Cassaniti wrote:


Hi,
Thanks for the feedback. I do know that AES at 256 bits is highly
secure. It would take something extrodinary to break the encryption of
AES within a reasonable time frame. Thank you also for the
verification on the Master Key size.
I noticed on the website mention of using a USB stick with dm-crypt
and LUKS. How does that work? Is it just a fancy way to avoid a
password, or does it actually provide more security than the master
key?

I guess I really wanted to know just how hard it would be to break the
strongest dm-crypt system with LUKS when it was using AES at 256-bits.
I think I have my answer now. It's either the password length, or
break the master key (256-bits) but nothing really beyond that.

Is there a watermark issue with AES and dm-crypt? I know that using
loop-AES in single key mode, that it left a watermark, making it
easier to break the system. I'm not really that familiar with
watermarks, but I do know that it poses a weakness to the system.

If watermarking is not an issue, then you have converted me, and I
believe that I might as well use dm-crypt with LUKS, even though it
would take much more effort for someone to break my old loop-AES
system. I don't think any government organisation will really want to
put their resources into breaking my system, and they would be the
only ones with the computing power to do it.

Thanks again for your time, but I still would like the USB stick and
watermark questions answered.

Michael Cassaniti

---------------------------------------------------------------------
 - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx





---------------------------------------------------------------------
 - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux