[Discuss] encrypted linux systems
Kent Borg
kentborg at borg.org
Tue Jan 28 11:54:41 EST 2014
On 01/28/2014 11:39 AM, Edward Ned Harvey (blu) wrote:
> Also, last I knew, [Truecrypt] use a 16,000 round key derivation
> function, which is wildly insufficient to protect against offline
> brute force attack. You need to select a very long, highly entropic
> password. As they suggest, no less than 20 characters.
Even with password hardening, I would suggest a good passphrase for any
encryption key you care about.
For a Linux machine might not be booting it very often, so a long pass
phrase doesn't *have* to be that much of a pain.
Write down most of it, remember a shorter portion of it. Don't store
the written down part with the computer you are protecting. If someone
finds the written down part, and knows what it is, you would be no worse
off than if you only used the shorter portion and relied on strengthening.
-kb
More information about the Discuss
mailing list