[dm-crypt] Security concern: gpg keyfile vs passphrase
mail at wintonian.org.uk
Tue Jul 7 23:00:11 CEST 2015
(replying to the list rather than the individual might be a better idea)
A quick guess,
In this scenario you have the following:-
A, something physical - i.e. a keyfile.
B, something known - i.e. a pass phrase.
Which equals something more secure
I guess there might be more to it than that, but I assume that's part of it.
On 07/07/15 21:32, lyz wrote:
> Hi all,
> I'm encrypting my whole system under LUKS, and I've seen that in the
> wiki of Arch and Gentoo they suggest to use a keyfile and encrypt it
> with gpg.
> Why is more secure to encrypt a keyfile with a passphrase and then
> encrypt the device with the keyfile rather than encrypting the device
> directly with the passphrase?
> Against a brute force attack the passphrase is the same, so they should
> be equally secure, am I wrong?
> Thank you
> dm-crypt mailing list
> dm-crypt at saout.de
More information about the dm-crypt