
Re: pgp 2.6.3i vs pgp5i vs gnupgp



Hi,

On Fri, 21 Mar 2003 08:31:37 +0000, Roland Mas wrote:
> Kevin Rosenberg (2003-03-20 12:40:17 -0700) :
>> I do the same. Additionally, I use the Debian cryptoapi and cryptoloop
>> kernel modules to encrypt the USB drive. I think the chance of losing
>> such a portable, small device is significant. With encryption, I feel
>> better about the possibility.
> 
> I'm wondering whether this brings any additional security.  Isn't the
> GPG private key stored in an encrypted form already?  Or do the
> cryptoloop and cryptoapi modules offer more than 128-bit encryption?
> 
The point seems to be that you now need to break _two_ encryptions (the
crypto disk and the secret key), so anybody who really wants to crack the
thing must do the work twice.

Unless your keyring is stolen, that doesn't protect you in any way; if
it's mounted, then you already entered the access password and $THIEF gets
the files decrypted for free.

If it does get stolen, the attacker needs to break the secret key's
encryption. That's exactly as difficult as breaking the encryption on any
file encoded with that key; in other words, if they can do that they don't
need the secret key in the first place.

Assuming that the attacker grabbed my keyboard input and has the
passphrase, well, they likely grabbed the passphrase for the encrypted
file system too, so again there's no better protection.

I do have an encrypted loopback file system on my USB drive. I need to put
my $random_sensitive_personal_stuff *somewhere*, after all. ;-) In the
past, the only problem was that I haven't yet found any crypt file system
that's usable from both Linux and W*nd*ws, but the Knoppix CD-ROMs took
care of _that_ "problem".

-- 
Matthias
