[dm-crypt] Passphrase protected key file?
ldarby at tuffmail.com
Tue Jul 12 00:17:32 CEST 2011
My next question: what's the best way to have a passphrase protected key file?
Should I encrypt it with GPG, and then do e.g.:
gpg -d ~/pass_key | cryptsetup luksOpen --key-file - /dev/loop1 loop1
That has the advantage of using the same passphrase I use for
everything else, but is there any security risk I'm not seeing? I read
that encrypting something twice or with multiple ciphers is effectively
a new unknown cipher, potentially trivially breakable - I don't think
that applies here, but is there anything like that I need to watch out for?
Alternatively, I could just do this:
( cat ~/pass_key ; cat ) | cryptsetup luksOpen --key-file - /dev/loop1 loop1
so I still have to provide both the key and passphrase, terminated with
Ctrl-D. Any thoughts?