> On Thu, Apr 15, 2010 at 01:30:54AM +0200, Arno Wagner wrote:
> > On Wed, Apr 14, 2010 at 08:42:58PM +0200, Olivier Sessink wrote:
> > > Arno Wagner wrote:
> > > >
> >
> > Well, while I do not really think the virtual keyboard will help
> > to a larger degree, it may still raise security a bit.
>
> what would help a little bit more in this scenario is getting the password
> from a smartcard with a nice fully encrypted challenge response protocol.
>
> Richard

Some smart cards can't store passwords, but...

Using a smart card with a private key to decrypt and using the public key to encrypt instead of a password would go a long way to making LUKS more secure. This would allow me to encrypt a drive with someone's public key without having to share a password (or a separate key file).

Note that I am talking about encrypting the master key in a LUKS partition and not the whole drive using dm-crypt. This would obviously require a change to the LUKS header format, but I think it would be very useful.

Encrypting a key file is not the same, as it requires me to either partition the (USB) drive (with the key file on a separate partition) or send it some other way.

Basically, all possible authentication/authorization mechanisms should be available. If for some reason, I want to encrypt/decrypt my drive using an iris scan, it should be possible. Passwords are weak and are only something you know.

I realize that most people don't have an iris scanner on their laptop, but a bunch already have fingerprint scanners, so what I am describing is not that far-fetched.

Vlad
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt