[dm-crypt] Security concern: gpg keyfile vs passphrase

lyz lyz at riseup.net
Tue Jul 7 23:08:17 CEST 2015

The keyfile will be stored in the /boot partition.

My question is if it's in a cryptographic way more secure, like if gpg
encryption of a keyfile is more difficult to break rather than a
dm-crypt encryption of a device, therefore it's logical to use a keyfile
to encrypt the device and gpg to encrypt the keyfile.


On 07/07/2015 10:52 PM, wintonian wrote:
> A quick guess,
> In this scenario you have the following:-
> A, something physical - i.e. a keyfile.
> plus
> B, something known - i.e. a pass phrase.
> Which equals something more secure
> I guess there might be more to it than that, but I assume that's part of
> it.
> Regards
> Robert
> On 07/07/15 21:32, lyz wrote:
>> Hi all,
>> I'm encrypting my whole system under LUKS, and I've seen that in the
>> wiki of Arch and Gentoo they suggest to use a keyfile and encrypt it
>> with gpg.
>> Why is more secure to encrypt a keyfile with a passphrase and then
>> encrypt the device with the keyfile rather than encrypting the device
>> directly with the passphrase?
>> Against a brute force attack the passphrase is the same, so they should
>> be equally secure, am I wrong?
>> Thank you
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt at saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20150707/f9b34081/attachment.asc>

More information about the dm-crypt mailing list