From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mail@wintonian.org.uk>
Received: from zeus-mail.servers.eqx.misp.co.uk
 (zeus-mail.servers.eqx.misp.co.uk [91.146.104.11])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Wed,  8 Jul 2015 00:13:23 +0200 (CEST)
Received: from elrond.wintonian.org.uk ([84.92.56.128]:42334
 helo=[192.168.1.131])
 by zeus.servers.eqx.misp.co.uk with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128)
 (Exim 4.85) (envelope-from <mail@wintonian.org.uk>)
 id 1ZCZyM-0005i3-Iy
 for dm-crypt@saout.de; Tue, 07 Jul 2015 22:00:17 +0100
Message-ID: <559C3DDB.1020805@wintonian.org.uk>
Date: Tue, 07 Jul 2015 22:00:11 +0100
From: wintonian <mail@wintonian.org.uk>
MIME-Version: 1.0
References: <559C3771.2030705@riseup.net>
In-Reply-To: <559C3771.2030705@riseup.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Security concern: gpg keyfile vs passphrase
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

(replying to the list rather than the individual might be a better idea)

A quick guess,

In this scenario you have the following:-

A, something physical - i.e. a keyfile.
plus
B, something known - i.e. a pass phrase.

Which equals something more secure

I guess there might be more to it than that, but I assume that's part of it.

Regards
Robert

On 07/07/15 21:32, lyz wrote:
> Hi all,
>
> I'm encrypting my whole system under LUKS, and I've seen that in the
> wiki of Arch and Gentoo they suggest to use a keyfile and encrypt it
> with gpg.
>
> Why is more secure to encrypt a keyfile with a passphrase and then
> encrypt the device with the keyfile rather than encrypting the device
> directly with the passphrase?
>
> Against a brute force attack the passphrase is the same, so they should
> be equally secure, am I wrong?
>
> Thank you
>
>
>
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>