[dm-crypt] Security concern: gpg keyfile vs passphrase

wintonian mail at wintonian.org.uk
Tue Jul 7 23:00:11 CEST 2015


(replying to the list rather than the individual might be a better idea)

A quick guess,

In this scenario you have the following:-

A, something physical - i.e. a keyfile.
plus
B, something known - i.e. a pass phrase.

Which equals something more secure

I guess there might be more to it than that, but I assume that's part of it.

Regards
Robert

On 07/07/15 21:32, lyz wrote:
> Hi all,
>
> I'm encrypting my whole system under LUKS, and I've seen that in the
> wiki of Arch and Gentoo they suggest to use a keyfile and encrypt it
> with gpg.
>
> Why is more secure to encrypt a keyfile with a passphrase and then
> encrypt the device with the keyfile rather than encrypting the device
> directly with the passphrase?
>
> Against a brute force attack the passphrase is the same, so they should
> be equally secure, am I wrong?
>
> Thank you
>
>
>
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>


More information about the dm-crypt mailing list