On Tue, Dec 30, 2008 at 10:10 AM, Dick Middleton <gmane@xxxxxxxxxxxx> wrote: ... > Is it? Works for me. But then if you use --key-file=key.file you'll use it > the same way every time so the difference won't be noticed. You have to be a bit careful, it is important to understand what the difference may be. "Works for me" - Does that mean that cryptsetup functions without error or data loss? Or does it mean your setup has actually stood up to a skilled adversary? The former could be achieved with a null cipher. > FYI I use jpg files for some of my key files. With cryptsetup create? Using the first 16 or 32 bytes (probably 16, possibly >32 depending on mode) of a non-randomly generated file seems a bit of a bad idea to me. I don't know anything about the jpeg format, but looking at two random jpegs on my drive, 15 of the first 16 bytes of the files are identical and 20 of the first 32 bytes are identical. Using cryptsetup luksCreate as I understand would be a bit different, as the file would be converted to a hash prior to use as a key. I personally wouldn't suggest anyone use a jpeg as a keyfile (I've only RTFM but not RTFS, so I could be wrong in my understanding - having connectivity issues accessing http://luks.endorphin.org/dm-crypt) -- Roscoe --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
