It is completely clear now, thanks.
On another topic, if you have not looked into it, I think the crypto geeks (myself included) are on to something. The BIP39 mnemonic phrase is reasonably safe to write down / engrave and back up, and the hardware wallet offers a simple place to protect a private key with minimal risk of bugs and rootkits. It would be so easy to unlock the LUKS drive too, even for testing. So I could use a 1-digit PIN for testing and a hardware wallet then later change the password to and still maintain security even if the old stripes were recovered.
I'm not using stripes here, but rather I'm encrypting and decrypting the master key on the hardware wallet, similar to what you're doing in LUKS:
If LUKS had something like this, it should also have directions for mounting one's own ARM chip and USB connector and flashing both parts of the BIOS: the firmware upgrade module and the firmware. So people can audit and build their own even if it is not completely from scratch.
Think of this like a LUKS header backup with a PIN lockout. TSA may give people a hard time at the border because this is for crypto. They will have a better reason if it is a work-security device.
-------- Original Message --------
Subject: Re: [dm-crypt] broken link: Fru05b in pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf
Local Time: December 28, 2017 2:47 AM
UTC Time: December 28, 2017 8:47 AM
From: gmazyland@xxxxxxxxx
To: Slim2k <slim2k@xxxxxxxxxxxxxx>, dm-crypt@xxxxxxxx <dm-crypt@xxxxxxxx>

On 12/27/2017 01:52 PM, Slim2k wrote:

> 2.4 AF-Splitter
> LUKS uses anti-forensic information splitting as specified in [Fru05b].

As Arno said, there is a copy on the cryptsetup project page.
I'll fix link in spec as well, thanks for pointing this out.

> Also if you think about it please send me the new reference material.
> I'm interested in learning why dm-crypt splits the master key like this.

Just to be precise, it is split in LUKS userspace, not in kernel dm-crypt.

Anyway, some reasons for AF no longer apply for the new flash-based
storage (and not even for modern non-flash drives).
AF will be replaced one day with something better.

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt