From: theiling@absint.com (Henrik Theiling)
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] 1,5 TB partition: use cbc-essiv or xts-plain?
Date: Tue, 4 Aug 2009 15:01:11 +0200 (CEST) [thread overview]
Message-ID: <20090804130111.A93DD16441DA@mail.absint.com> (raw)
In-Reply-To: <20090803234824.190ea23a@gmail.com> (Moji's message of "Mon\, 3 Aug 2009 23\:48\:24 +0300")
Hi!
Moji writes a lot in interesting stuff and finally:
>...
> I hope this helps you,
This helped a lot, yes, thank you!
And Milan wrote:
> Just small note: dm-crypt (kernel part) have one key per mapped
> segment, you can create as many segments with different keys (even
> with different algorithms) (imagine simple Logical Volume in LVM
> split over several areas of disk - the same logic can be used for
> crypt segments.)
Interesting!
> Only userspace (cryptsetup) is not able to configure it easily - you have to use
> dmsetup directly (or stack LVM/MD over several LUKS devices).
:-( But at least it's possible, I did not know that.
And Heinz wrote:
> The main weaknesses are often related to a bad passphrase or different
> circumstances which makes it easy for an adversary to get it, e.g.
> writing down the passphrase or choosing not enough entropy.
Right. I try to remember extremely long passphrases (people tend to
have strange looks on their faces when I type a hard disk passphrase),
but of course, I'm no computer. :-)
**Henrik
next prev parent reply other threads:[~2009-08-04 13:01 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-03 12:53 [dm-crypt] 1,5 TB partition: use cbc-essiv or xts-plain? Henrik Theiling
2009-08-03 14:34 ` Heinz Diehl
2009-08-03 16:16 ` Henrik Theiling
2009-08-03 17:34 ` Heinz Diehl
2009-08-03 17:37 ` Heinz Diehl
2013-01-03 9:50 ` Peter Pfundstein
2009-08-03 14:43 ` [dm-crypt] E3E-2A1 - 1, 5 " Heinz Diehl
2009-08-03 20:48 ` [dm-crypt] 1,5 " Moji
2009-08-04 7:42 ` Milan Broz
2009-08-04 13:01 ` Henrik Theiling [this message]
2009-08-03 21:46 ` Moji
2009-08-04 13:27 ` Henrik Theiling
2009-08-04 13:55 ` Moji
2009-08-06 11:02 ` Salatiel Filho
2009-08-06 14:32 ` Henrik Theiling
2009-08-06 15:24 ` Heinz Diehl
2009-08-06 16:00 ` Salatiel Filho
2009-08-06 16:02 ` Salatiel Filho
2009-08-07 12:16 ` Salatiel Filho
2009-08-07 12:20 ` Salatiel Filho
2009-08-07 16:00 ` Salatiel Filho
2009-08-08 8:27 ` Heinz Diehl
2009-08-08 10:03 ` Salatiel Filho
2009-08-06 15:43 ` Sam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090804130111.A93DD16441DA@mail.absint.com \
--to=theiling@absint.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.