Re: plain: opening with a wrong password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If you are concerned about the header, you could use Luks with a detached header. This way you have the advantages of Luks and you can store the header separate from the encrypted container.

Quoting dennis@xxxxxxxxxxxxxxxxx:

On Fri, Feb 06, 2015 at 12:51:35AM +0100, Arno Wagner wrote:
If your passphrase is weak enough that a dictionary
attack has a reasonable success of working (and a dictionary
attack is the only thing the salt that hashalot adds helps
against), then you are pretty deep in insecure territory and
_need_ the hash iteration that LUKS provides, but which is
missing from both plain and hashalot.

...

Please do not spread unsubstantiated rumors. It is hard enough
these days for non-experts to decide what crypto to trust
and what not. Rumors of the kind "metadata headers offer
attack vectors" make this even worse.

Count me among the non-experts. I have two questions. (a) Wouldn't
metadata headers incur a loss of plausible deniablity compared to
plain mode, especially when an encrypted filesystem image is stored as
a single file on backup media or in the backing file for a loopback
device? (b) Assuming a secure passphrase, wouldn't plain mode be more
secure than luks against possible vulnerabilities in the hashing
algorithm that may be discovered in the future?
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt


--
Regards,
Michael

https://skrilnetz.net

Attachment: bin7F3SiRzhmh.bin
Description: PGP Public Key

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux