Thursday, October 24, 2019

Re: Encrypting my keydisk

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbp3zU+m2o6LC9PKuDvhi//TKLgMFAl2x4wsACgkQDvhi//TK
LgP+0Q/9EYSD9hZFPEHaWZDsyyLuqJ5PLXNnqq/fFa+QU+k+L3VE38YcTAODCoU2
PeGvLFc596i4XWLTEVEHvytu9cmX10y4BLO+zUTbHENHhP3up7Rvdy4bP5R1++Ma
ElWpn6tnJ22wP2S7SCvvw9yYvvtnbmrVp5pDezBNl0WFjuVQRgUel8eiGBZLX4rh
09b7hsxwrnP/B5Sazs9nzfNOW3BdUgYgB4d7TL7RjZ7Stg7weWrJSkDjTvIHHFel
cRRsmelmaMjMAn4b2WsVklM9SAQVYqxaaBzXloFNzk5G/S+gybvaJWOePfJUWPPn
3m+qyGRsPSKr2IqmdZT95MslUlBceILkXnE14tYX0D7u9zlXGHs1TfK77FFkOb53
XNextW0pwFHuo5EvTk2HKsPKNRoHrahPSBOVbNEUlucKgkNzCn4yCs5AQa+Uukm2
4f6Zq4XKl4/k7ZC/NcskdnCRkEF9FqnuK1SprE+wpn2M645YLVuHStP5bUiUCz9p
0LumA8ctFsDZ++RY2WAnrbnmKQqj5mMg5hUlA5j4jz1Gd5E1BuDt49ohGn5L1QGw
zfddxlELrGgi7tuZg1Qd4pnks//VKJpDZp6vMG22hsUbZBy89FykhAAP6MNDxgna
arMcG4iy2Iatba1wLX4NbEk5w4VhK57SebaLL69/K6SPXB0hdGY=
=aRWv
-----END PGP SIGNATURE-----
So answering your forwarded Mail Thread.

What's the reason ?

Because your diskencryption stands and falls with the complexity of your
passphrase. And if you were able to use a keydisk to encrypt your
harddrive it would be WAY harder to bruteforce your keydisk rather than
your passphrase.

This advantaged is kind of "compromised" by the fact that the keydisk
could be easily stolen or copied.

-> keydisk encryption to mitigate that. 

Overcomplicated? Not so much.

I'm at it so far implementing the diff. I'll see how that goes.


On 2019-10-24 03:31, Aaron Mason wrote:
> On Thu, Oct 24, 2019 at 10:44 AM List <list@md5collisions.eu> wrote:
>> One would obviously NOT store the key on harddisk. That wouldn't make
>> any sense and is not necessary.
>>
>> This could be similarly achieved as the normal FDE with passphrase. But
>> instead of the actual harddisk as target, the target of the "yet to
>> implement" encryption of the keydisk would be the key on the keydisk
>> itself.
>>
> So how would the system access the key if it's encrypted?
>
>> g
>>
>> On 2019-10-22 23:40, Aaron Mason wrote:
>>> On Wed, Oct 23, 2019 at 5:11 AM List <list@md5collisions.eu> wrote:
>>>> I'm sorry I might have not been so clear about it. I meant a way to
>>>> encrypt the actual keydisk with a passphrase.
>>>>
>>>> On 2019-10-18 13:34, Jan Stary wrote:
>>>>>>> On Wednesday, October 16, 2019 11:06 PM, List <list@md5collisions.eu> wrote:
>>>>>>>> I was wondering if there is a reason for the lack of keydisk encryption.
>>>>> $ man bioctl
>>>>> # bioctl -h -v -c C ...
>>>>>
>>> To what end? At some point you're going to have to store the
>>> passphrase somewhere it can be easily read, and all you've really
>>> achieved is a way to, at best, slow down a potential attacker.
>>>
>

No comments:

Post a Comment