[dm-crypt] --key-file size...

Arno Wagner arno at wagner.name
Fri Jan 25 20:31:19 CET 2013


On Thu, Jan 24, 2013 at 05:36:24PM +0000, Andrea wrote:
> On Thu, Jan 24, 2013 at 04:42:51PM +0100, Arno Wagner wrote:
> 
> Hi Arno,
>    and thanks a lot for your quick reply.
> 
> > You are using plain dm-crypt (you really should use LUKS).
> 
> I really like the "stealth" mode of plain. With LUKS header they can see
> there's encrypted stuff. 

The only stealthy thing between "plain" and LUKS is that with
LUKS there is an ambiguity between encrypted and "secure 
wiped", but that is all. 

> Anyway, maybe I should just set an offset.
> 
> > So nothing wrong.
> 
> Yep. Is there a way for me to have a big key? Using LUKS? LoopaesOpen?
> Does it worth it?

No. A good passphrase is enough. 

> I mean, I am a little bit paranoid about leaking our patient info (they
> are about AIDS and so on).

Go LUKS. More secure anyways. And you can have a recovery-passphrase 
in a sealed envelope in your safe. 

> Thanks a lot for your time,
> A.

No problem.

Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell


More information about the dm-crypt mailing list