[dm-crypt] Security concern: gpg keyfile vs passphrase

wintonian mail at wintonian.org.uk
Tue Jul 7 23:00:11 CEST 2015

(replying to the list rather than the individual might be a better idea)

A quick guess,

In this scenario you have the following:-

A, something physical - i.e. a keyfile.
B, something known - i.e. a pass phrase.

Which equals something more secure

I guess there might be more to it than that, but I assume that's part of it.


On 07/07/15 21:32, lyz wrote:
> Hi all,
> I'm encrypting my whole system under LUKS, and I've seen that in the
> wiki of Arch and Gentoo they suggest to use a keyfile and encrypt it
> with gpg.
> Why is more secure to encrypt a keyfile with a passphrase and then
> encrypt the device with the keyfile rather than encrypting the device
> directly with the passphrase?
> Against a brute force attack the passphrase is the same, so they should
> be equally secure, am I wrong?
> Thank you
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

More information about the dm-crypt mailing list