[dm-crypt] Passphrase protected key file?
arno at wagner.name
Thu Jul 14 15:35:33 CEST 2011
On Thu, Jul 14, 2011 at 01:55:50PM +0200, Ma Begaj wrote:
> > Also note that an attacker that has access to the storage could
> > patch your GnuPG binary or other system components.
> well that is another story because an attacker could in that case patch
> cryptsetup too. if s/he can do that it is not important whether you
> use encrypted key file on usb stick or directly cryptsetup.
Indeed. But are there any realistic scenarios where
a) a passphrase is significantly less secure than an encrypted
passphrase stored on USB with a second passphrase to decrypt that
b) the attacker does not have the possibility to patch
GnuPG/cryptsetup/other things that make the second passphrase
just as weak as the first one?
My claim is that a realistic risk analysis will show there
are no such scenarios that are typical and hence having
an encrypted passphrase on an USB stick does not offer
Remember, IT security is pure risk managements, possibly
with IT means.
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier