The keyfile will be stored in the /boot partition. My question is if it's in a cryptographic way more secure, like if gpg encryption of a keyfile is more difficult to break rather than a dm-crypt encryption of a device, therefore it's logical to use a keyfile to encrypt the device and gpg to encrypt the keyfile. Thanks On 07/07/2015 10:52 PM, wintonian wrote: > A quick guess, > > In this scenario you have the following:- > > A, something physical - i.e. a keyfile. > plus > B, something known - i.e. a pass phrase. > > Which equals something more secure > > I guess there might be more to it than that, but I assume that's part of > it. > > Regards > Robert > > On 07/07/15 21:32, lyz wrote: >> Hi all, >> >> I'm encrypting my whole system under LUKS, and I've seen that in the >> wiki of Arch and Gentoo they suggest to use a keyfile and encrypt it >> with gpg. >> >> Why is more secure to encrypt a keyfile with a passphrase and then >> encrypt the device with the keyfile rather than encrypting the device >> directly with the passphrase? >> >> Against a brute force attack the passphrase is the same, so they should >> be equally secure, am I wrong? >> >> Thank you >> >> >> >> >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@xxxxxxxx >> http://www.saout.de/mailman/listinfo/dm-crypt >> >
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
