On Thu, Jul 14, 2011 at 01:55:50PM +0200, Ma Begaj wrote:
> > Also note that an attacker that has access to the storage could
> > patch your GnuPG binary or other system components.
>
> well that is another story because an attacker could in that case patch
> cryptsetup too. if s/he can do that it is not important whether you
> use encrypted key file on usb stick or directly cryptsetup.

Indeed. But are there any realistic scenarios where

a) a passphrase is significantly less secure than an encrypted
   passphrase stored on USB with a second passphrase to decrypt that

and

b) the attacker does not have the possibility to patch
   GnuPG/cryptsetup/other things that make the second passphrase
   just as weak as the first one?

My claim is that a realistic risk analysis will show there are no
such scenarios that are typical and hence having an encrypted
passphrase on a USB stick does not offer improved security.

Remember, IT security is pure risk management, possibly with IT
means.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt