Re: [dm-crypt] Pass+keyfile

[0x14@unseen.is]

> I beg to differ: Good quality paper has a life-expectancy
> of several hundred years, and so has good quality ink.
> Make it waterproof with a zip-lock bag. Make it non-obvious by
> folding it.
> 
> Even an industial SD card only has 10 years data life expectancy,
> your ordinary commercial "quality" one can become shaky after as
> little as a year and a "no name" one even sooner.

Hm, I think you compare some spaceship technology paper and ink with 
noname sd car manufacturer. I have no idea where I can get that eternal 
paper and ink that never wares while active use, but I have 3 n-year old 
1 gb sd and microsd cards that I can still use without problem. I have 
even older working 256-mb flash drive...

I still don`t get why I shouldn`t use encrypted keyfile for the purpose 
of destroying information. You tell me that there is an alternative. 
That`s good! But what`s wrong with my way?

>> it is not resistant to
>> water, it could be easily copied by attacker and not by you (if you
>> don`t trust electronics)...
> 
> Huh? And the SD card cannot be copied?

SD could be copied of course, but not as easy as to make a foto of piece 
of paper.

> And why shoudl the attacker
> have any advantage here?

Because then I cannot destroy encrypted container with destroying my 
copy of keyfile.

>> and I don`t mention convenience like
>> ability to carry as many keyfiles as I want without being looking
>> strange, etc.
>> 
>> Also, for example, 1024 or 16k letters is far more better for
>> security than 50+what_you_can_remember letters for passphrase...from
>> "cryptographical perspective", please excuse my ignorance :)
> 
> They get hashed to 160 bits by the passphrase input. From
> about 30 characters onwards, you do not get a better hash.

That is another thing I wanted to talk about later, but you mention it 
here. Quentin Lefebvre wrote before: "it's worth remembering hash 
algorithms are ignored with key files in plain mode, so that the 
--hash=sha512 is not effective and actually equivalent to --hash=plain 
in this case".

I have three questions:

1. Are you saying passphrases longer than "about 30 characters" are 
useless with plain mode?

2. So it is more secure to remove --key-file=- and pass unencrypted 
keyfile as passphrase but make sure I have no new lines there? Then I 
could use --hash=sha512 and it would be effective?

3. When I try to replace "--hash=sha512" with "--hash=plain", I cannot 
mount mapped device, so it is not the same. Em?

I may write very stupid things here, so I apologise in advance for that 
:)


> It really depends on the details of the scenario.

Ok, let`s stay in IT security. It could be some sort of timer, and I 
must remotely do something before data get destroyed (phone special 
number, go to website and type password, send email, pay bills, etc), 
then timer resets.

>> >>3. Attacker can attach a hidden camera behind me while I typing
>> >>password (or do similar approach) and then get a copy of encrypted
>> >>data (it is far easier than get full root access)
>> >
>> >Oh? Just have the attacker look with the camera while you type
>> >in your root password...
>> 
>> Root password != full access right away. Also, they could "catch"
>> one password and not other.
> 
> Sorry, but irrelevant. If you do not notice, they have all the time
> they want. If you notice, then even "right away" is not fast enough.
> 
> There may be small residual benefit from scenarios where you notice,
> but only a short time later.

I could be in video-controlled area for a short period of time, and they 
can get video and data copy far later, when it is obvious it is needed. 
But I agree, this is not very practical case. In other hand, not 
impossible :) IDK