This construction is redundant and does not provide any additional security as compared to passphrase alone, assuming that your passphrase is secure. If your passphrase is insecure, you should fix that instead. Arno On Mon, Dec 01, 2014 at 03:54:19 CET, 0x14@xxxxxxxxxxxxxxx wrote: > Hi there, is this construction secure? Assuming "keyfile" is a file > and "/dev/device" is a block device, both made with /dev/urandom. > > cryptsetup open --hash=sha512 --cipher=aes-xts-plain64 --type=plain > keyfile keyfile_tmp && cat /dev/mapper/keyfile_tmp | \ > cryptsetup open --hash=sha512 --cipher=aes-xts-plain64 --type=plain > --key-file=- /dev/device cryptodevice && \ > cryptsetup close keyfile_tmp && mount /dev/mapper/cryptodevice > /media/cryptodevice > > The goal is to use pass+keyfile to decrypt storage. I put it in a > script and it works as it should at a glance. Are there alternatives > or improvements? Stupid errors maybe? > > Thanks. > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
