From: Heinz Diehl <htd@fancy-poultry.org>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Crack a dm-LUKS partition or harddisk
Date: Fri, 6 Nov 2009 19:27:57 +0100 [thread overview]
Message-ID: <20091106182757.GA9497@fancy-poultry.org> (raw)
In-Reply-To: <20091106172819.D11C97BD6E@ws5-10.us4.outblaze.com>
On 06.11.2009, Si St wrote:
> Is the security problems as to e.g. watermarks also affecting gnuPG? Well, I would think so if the ECB is used
GnuPG uses CFB mode of operation (as defined in the OpenPGP standard),
it's a streaming version of CBC and is therefore not vulnerable to
watermarking. Please folks, correct me if I'm wrong.
> I am a doctor and transfers daily info of thousands of patients every day on a USB-stick.
> Before I used to plaintextcopy them all to the stick, but now I always encrypts it as a tar-file with gpg.
> I transfer the journals from my office machine to home machines....
In my opinion, you're better off using LUKS/dmcrypt on the USB-stick. In
addition, the whole system should be encrypted as well, to handle leaking
of the passphrase/key.
> The office machine is an old SuSE 7.3 !! with hardware from the year of the Lord 2001.
> But this machine is NOT configured to internet - it is only a stand alone machine.
This machine needs to be updated. A whole lot of things changed since 2001.
> Was sagst du über diese Sache, mein lieber Heinz? Stubborness and remnant Newbie, maybe.
I would update / replace the old machine with a new one, install some
recent Linux distribution on it, with encrypted filesystems (incl.
root/swap), and prepare the USB stick with a LUKS/dmcrypt formatted
partition. Newer Linux kernels also provide a bunch of modes of operation
which are not vulnerable to watermarking (XTS...).
Alternatively, you could use an SSH tunnel using autorization via RSA-key
from/to your home/workingplace machine and drop carrying sensitive data on your memory stick.
next prev parent reply other threads:[~2009-11-06 18:27 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-06 17:28 [dm-crypt] Crack a dm-LUKS partition or harddisk Si St
2009-11-06 18:27 ` Heinz Diehl [this message]
2009-11-06 19:29 ` Arno Wagner
-- strict thread matches above, loose matches on Subject: below --
2009-11-05 21:49 Si St
2009-11-05 22:08 ` Heinz Diehl
2009-11-06 8:08 ` Luca Berra
2009-11-06 12:07 ` Heinz Diehl
2009-11-05 20:42 Si St
2009-11-05 21:34 ` Heinz Diehl
2009-11-05 22:03 ` Heinz Diehl
2009-11-04 16:51 Si St
2009-11-04 17:01 ` Sven Eschenberg
2009-11-04 17:30 ` Heinz Diehl
2009-11-04 22:29 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091106182757.GA9497@fancy-poultry.org \
--to=htd@fancy-poultry.org \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.