List: gentoo-user
Subject: Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.
From: Michael <confabulate () kintzios ! com>
Date: 2023-09-19 11:47:06
Message-ID: 3258388.44csPzL39Z () lenovo
On Tuesday, 19 September 2023 12:13:40 BST Dale wrote:
> Hmmmm,
>
> For some reason, I didn't get Michael's email. I see him being quoted
> but don't have his original. I wonder what is up with that. O-o
Assuming you will receive this message, have a look here:
https://marc.info/?l=gentoo-user&m=169511184714476&w=2
> Rich Freeman wrote:
> > On Tue, Sep 19, 2023 at 4:26 AM Michael <confabulate@kintzios.com> wrote:
> >> On Tuesday, 19 September 2023 06:36:13 BST Dale wrote:
> >>> Howdy,
> >>
> >> A strong
> >> password, like a strong door lock, buys you time. Hence the general
> >> recommendation to change your passwords frequently.
> >
> > While that can help on websites, it is of no use for full disk
> > encryption passwords - at least not without jumping through some big
> > hoops.
> >
> > In order to crack your LUKS password somebody obviously needs to be
> > able to read the encrypted contents of your disk. They cannot begin
> > cracking it until they have a copy of the LUKS headers. However, once
> > they do have it, they can make a copy and crack it at their leisure.
> > If they manage to crack it, then it will give them the volume key. At
> > that point if they were able to make a full copy of your disk they can
> > read whatever was on it at the time. If they can make a fresh copy of
> > your disk then changing the passphrase will not change the volume key,
> > and so they'll be able to read what is currently on your disk.
> >
> > Changing the volume key would defeat this, but requires running
> > cryptsetup-reencrypt which will take considerable time/CPU, though it
> > sounds like it can be done online.
>
> Let's jump into a hypothetical here. Let's say I'm a nasty terrorist or
> some other really evil dude. Let's say I have passwords that are really
> good. Let's say around 20 characters and a really nice mix of
> characters. If some gov't agency got my hard drive, how long would it
> take for them to crack it?
A couple of minutes?
https://xkcd.com/538/
:-)
["signature.asc" (application/pgp-signature)]
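
Added example, not part of the original message or thread: a simplified Python model of the point quoted from Rich Freeman above, that changing a LUKS passphrase re-wraps the same volume key while re-encryption replaces it. The header layout, the XOR key wrapping, the SHA-256 digest, the iteration count and all function names are assumptions made for illustration; real LUKS key slots use anti-forensic splitting and cipher-based encryption of the key material.

```python
import hashlib
import hmac
import os

ITER = 1000  # assumption: kept low so the model runs fast; real headers use a far costlier KDF

def _kek(passphrase, salt):
    # Key-encryption key derived from the passphrase (stand-in for the key-slot KDF).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITER, dklen=32)

def _wrap(vk, passphrase):
    # Model "header": one key slot wrapping the volume key, plus a digest to verify it.
    salt = os.urandom(16)
    wrapped = bytes(a ^ b for a, b in zip(vk, _kek(passphrase, salt)))
    return {"salt": salt, "wrapped": wrapped, "digest": hashlib.sha256(vk).digest()}

def luks_format(passphrase):
    return _wrap(os.urandom(32), passphrase)  # fresh random volume key

def unlock(header, passphrase):
    # Returns the volume key, or None when the passphrase does not match this header.
    kek = _kek(passphrase, header["salt"])
    vk = bytes(a ^ b for a, b in zip(header["wrapped"], kek))
    ok = hmac.compare_digest(hashlib.sha256(vk).digest(), header["digest"])
    return vk if ok else None

def change_passphrase(header, old, new):
    vk = unlock(header, old)
    if vk is None:
        raise ValueError("wrong passphrase")
    return _wrap(vk, new)  # same volume key, new slot: data on disk is untouched

def reencrypt(header, passphrase):
    if unlock(header, passphrase) is None:
        raise ValueError("wrong passphrase")
    return _wrap(os.urandom(32), passphrase)  # new volume key: all data must be rewritten

def demo():
    header = luks_format("old passphrase")          # constructed sample passphrases
    copied = dict(header)                           # header copy taken before rotation
    header = change_passphrase(header, "old passphrase", "new passphrase")
    vk_from_copy = unlock(copied, "old passphrase")
    same_after_change = vk_from_copy == unlock(header, "new passphrase")
    header = reencrypt(header, "new passphrase")
    same_after_reencrypt = vk_from_copy == unlock(header, "new passphrase")
    return same_after_change, same_after_reencrypt, unlock(header, "old passphrase")

if __name__ == "__main__":
    print(demo())
```

The first value shows that the key recovered from the old header copy still matches the disk after a passphrase change; the second shows that it no longer matches once the volume key has been replaced.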