[dm-crypt] Security concern: gpg keyfile vs passphrase
lyz at riseup.net
Tue Jul 7 23:08:17 CEST 2015
The keyfile will be stored in the /boot partition.
My question is if it's in a cryptographic way more secure, like if gpg
encryption of a keyfile is more difficult to break rather than a
dm-crypt encryption of a device, therefore it's logical to use a keyfile
to encrypt the device and gpg to encrypt the keyfile.
On 07/07/2015 10:52 PM, wintonian wrote:
> A quick guess,
> In this scenario you have the following:-
> A, something physical - i.e. a keyfile.
> B, something known - i.e. a pass phrase.
> Which equals something more secure
> I guess there might be more to it than that, but I assume that's part of
> On 07/07/15 21:32, lyz wrote:
>> Hi all,
>> I'm encrypting my whole system under LUKS, and I've seen that in the
>> wiki of Arch and Gentoo they suggest to use a keyfile and encrypt it
>> with gpg.
>> Why is more secure to encrypt a keyfile with a passphrase and then
>> encrypt the device with the keyfile rather than encrypting the device
>> directly with the passphrase?
>> Against a brute force attack the passphrase is the same, so they should
>> be equally secure, am I wrong?
>> Thank you
>> dm-crypt mailing list
>> dm-crypt at saout.de
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the dm-crypt