[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pgp 2.6.3i vs pgp5i vs gnupgp


On Fri, 21 Mar 2003 08:31:37 +0000, Roland Mas wrote:
> Kevin Rosenberg (2003-03-20 12:40:17 -0700) :
>> I do the same. Additionally, I use the Debian cryptoapi and cryptoloop
>> kernel modules to encrypt the USB drive. I think the chance of losing
>> such a portable, small device is significant. With encryption, I feel
>> better about the possibility.
> I'm wondering whether this brings any additional security.  Isn't the
> GPG private key stored in an encrypted form already?  Or do the
> cryptoloop and cryptoapi modules offer more than 128-bit encryption?
The point seems to be that you now need to break _two_ encryptions (the
crypto disk and the secret key), so anybody who really wants to crack the
thing must do the work twice.

Unless your keyring is stolen, that doesn't protect you in any way; if
it's mounted, then you already entered the access password and $THIEF gets
the files decrypted for free.

If it does get stolen, the attacker needs to break the secret key's
encryption. That's exactly as difficult as breaking the encryption on any
file encoded with that key; in other words, if they can do that they don't
need the secret key in the first place.

Assuming that the attacker grabbed my keyboard input and has the
passphrase, well, they likely grabbed the passphrase for the encrypted
file system too, so again there's no better protection.

I do have an encrypted loopback file system on my USB drive. I need to put
my $random_sensitive_personal_stuff *somewhere*, after all. ;-) In the
past, the only problem was that I haven't yet found any crypt file system
that's usable from both Linux and W*nd*ws, but the Knoppix CD-ROMs took
care of _that_ "problem".


Attachment: pgpvWHLTLGF_t.pgp
Description: signature

Reply to: