From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lyz@riseup.net>
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Tue,  7 Jul 2015 22:40:18 +0200 (CEST)
Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id 107404126F
 for <dm-crypt@saout.de>; Tue,  7 Jul 2015 20:33:09 +0000 (UTC)
Message-ID: <559C3771.2030705@riseup.net>
Date: Tue, 07 Jul 2015 22:32:49 +0200
From: lyz <lyz@riseup.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="vseoAGLI9QnTmLqIlq188KrLj666l79lR"
Subject: [dm-crypt] Security concern: gpg keyfile vs passphrase
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--vseoAGLI9QnTmLqIlq188KrLj666l79lR
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi all,

I'm encrypting my whole system under LUKS, and I've seen that in the
wiki of Arch and Gentoo they suggest to use a keyfile and encrypt it
with gpg.

Why is more secure to encrypt a keyfile with a passphrase and then
encrypt the device with the keyfile rather than encrypting the device
directly with the passphrase?

Against a brute force attack the passphrase is the same, so they should
be equally secure, am I wrong?

Thank you



--vseoAGLI9QnTmLqIlq188KrLj666l79lR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVnDd9AAoJEIwPlE6REcw/2qAP/jrdz5mutTD9kezH2YKx7nbi
x/FdOuunnChPQQtbVEwfo058PagHhUaaKTL2E3FKTGHfyvbyJlr7WC2pnV3AWNeG
qvtvkIoCkBoK/FoVF9vHWCW+sK8zNiPO26n7OW0k0sx6AvjrscP19hbJhR6TMdOS
nikwSd9mtiGMf3znDw/vbiES2BXTbE7th51VumwJlOlC1rH9/Xt9HbyEK75h71Jp
R6UUmnkFFQGIItu7cGZtt1NSIHVvfIozBDM3tEOwcanhr+9oKB7sGjcmajk4eLlS
yYR71KewOEHp5OFQ/e6GRFKgZD6fuKdim4lpTk5scM6e5io52M1G6CJQPW8tZv6N
MIuxfsvrYbDGke8dJf0stFi1egW0g1pb6YbgFPRsnXVdUNhTECSD4uZjWZiK22aT
3l1vsa+oLqP897U4ob2j6EjP8pZNrLQ77GEX/LjulFM8jq1XvHWwbdzwg3RF1xOm
Ikcec2/CP6XybkfNFObb2At8sn5Qzvr6t3tDlsHM9M466FJPLQinZ+eOIVfAzJ6V
2+00vuZ2k16yWs1/tBxjpJLHQKHAZBz2nrjfvohrZYSGq11KjYQzPrbbL0nBN4lp
IyLAUlgiKDkvF1Ou96uCrLvn0zT5Ak8cI7OZRO91vlpXvRXEX3RE4yQQyLhrynpm
tuS3O296UC7MbNHIl+ZL
=JkYI
-----END PGP SIGNATURE-----

--vseoAGLI9QnTmLqIlq188KrLj666l79lR--