Ok, if you don`t want to talk about "plausible deniability", let`s get
back to security if you don`t mind :)
Simpler solution: Use a very long passphrase, learn one part by
heart and the other part not and have that on paper. The part
on paper could, for example, be 50 random letters and digits.
At least I could not remember that. In case of emergency, destroy
the paper. (Make it edible for better convenience.) Use
severall/all keyslots to make the paper-part harder to remember.
Why should I use papers for that? It is simpler in a way that you don`t
need a computer to write down something. But as for security there are
only disadvantages: paper wears (destruction is not or far less
controllable as with digital storage), it is not resistant to water, it
could be easily copied by attacker and not by you (if you don`t trust
electronics)...and I don`t mention convenience like ability to carry as
many keyfiles as I want without being looking strange, etc.
Also, for example, 1024 or 16k letters is far more better for security
than 50+what_you_can_remember letters for passphrase...from
"cryptographical perspective", please excuse my ignorance :)
If you have a safe location, put all data there. You do not even
need to encrypt in this case.
There is no such thing as perfect safe location, that`s why we use
cryptography :-\
Far safe location could give you or your partner some time to undertake
countermeasures. More time in many cases means more security, am I
right?
3. Attacker can attach a hidden camera behind me while I typing
password (or do similar approach) and then get a copy of encrypted
data (it is far easier than get full root access)
Oh? Just have the attacker look with the camera while you type
in your root password...
Root password != full access right away. Also, they could "catch" one
password and not other.
4. After encrypting, I give single copy of keyfile to another person
(he is living in bunker in another country, of course). I know
passphrase, he owns keyfile, we can get to the data only if we meet
in person, for example.
...
Do the same thing, but just one part data one part passphrase.
The keyfile does not add anything.
I agree here :)
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt