[24369] in cryptography@c2.net mail archive


Disk Encryption (was: Re: PGP "master keys")

daemon@ATHENA.MIT.EDU (Jeffrey I. Schiller)
Mon May 1 15:54:07 2006

X-Original-To: cryptography@metzdowd.com
Date: Mon, 1 May 2006 11:26:04 -0400
From: "Jeffrey I. Schiller" <jis@mit.edu>
To: "Travis H." <solinym@gmail.com>
Cc: StealthMonger <StealthMonger@nym.alias.net>,
	cryptography@metzdowd.com



I use the following approach to encrypting my disks.

I use an encrypted loopback device. The version of losetup I use
permits me to store the disk key in a PGP encrypted file and decrypt
it (with gpg) when needed. I made many backups of both my personal
keyring and the file with the encrypted loop key. So the only "secret"
I have to remember is the passphrase on my normal PGP key, which I am
not likely to forget.

Of course there is a trade-off here. If my PGP key is compromised, my
disk encryption is at risk (if the encrypted disk key file is
compromised as well).

                        -Jeff

P.S. If you run a reasonably modern Linux system, and have more than
one system, you can use "drbd" to implement software mirroring between
the two systems. Clever use of openvpn and encrypted loopback devices
can do this securely as well.

--
=============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis@mit.edu
============================================================================


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
