Perhaps you should read the footer of every email.

mps

> On Jan 2, 2014, at 9:58 AM, Phil Labonté <plabonte [ at ] gmail [ dot ] com> wrote:
>
> How do I unsubscribe from this list?????
>
> Sent from my iPod
>
>>> On Jan 2, 2014, at 9:43 AM, Martin Hicks <mort [ at ] bork [ dot ] org> wrote:
>>>
>>> On Mon, Dec 23, 2013 at 4:18 PM, Alex Pilon <alp [ at ] alexpilon [ dot ] ca> wrote:
>>> On Mon, Dec 23, 2013 at 03:47:05PM -0500, Robert P. J. Day wrote:
>>>
>>> LUKS does block device symmetric encryption. It's in a way a wrapper
>>> around dm-crypt. Plain dm-crypt requires you to specify all the
>>> parameters manually, whereas LUKS creates a header at the beginning of
>>> the block device. dm-crypt requires you to understand the crypto, and
>>> won't do things like salting your secret. LUKS will randomly generate
>>> (and salt if I recall correctly) a master secret, and provide ten
>>> “slots” for weaker secrets (e.g., passwords, passphrases, or binary data
>>> of your choosing), which it'll run through PBKDF2.
>>
>> This is close, but there is no "weaker" secret. For each "slot" (of
>> which I think there are 8) that is activated, the "Master" key is
>> encrypted using the passphrase/data that is provided when the slot is
>> enabled/configured (when you create a new LUKS device, there is only a
>> single slot activated). In the default configuration, the Master Key
>> is an AES encryption key.
>>
>> Later, when you're prompted for the passphrase to unlock the LUKS
>> device, cryptsetup loops through each enabled slot using the provided
>> passphrase and gets some Master Key as a result. It verifies (I can't
>> remember how...looks for a header?) if this Master Key makes sense
>> i.e., it successfully decrypts some data in a way that yields correct
>> plaintext.
>>
>> So, with multiple slots enabled the Master Key is encrypted multiple
>> times using different passphrases and PBKDF2.
>>
>> mh
>>
>> --
>> Martin Hicks P.Eng.      | mort [ at ] bork [ dot ] org
>> Bork Consulting Inc.     | +1 (613) 266-2296
>> _______________________________________________
>> Linux mailing list
>> Linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
>> http://oclug.on.ca/mailman/listinfo/linux