Disk Encryption (was: Re: PGP "master keys")

Jeffrey I. Schiller jis at mit.edu
Mon May 1 11:26:04 EDT 2006


I use the following approach to encrypting my disks.

I use an encrypted loopback device. The version of losetup I use
permits me to store the disk key in a PGP encrypted file and decrypt
it (with gpg) when needed. I made many backups of both my personal
keyring and the file with the encrypted loop key. So the only "secret"
I have to remember is the passphrase on my normal PGP key, which I am
not likely to forget.

Of course there is a trade-off here. If my PGP key is compromised, my
disk encryption is at risk (if the encrypted disk key file is
compromised as well).

                        -Jeff

P.S. If you run a reasonably modern Linux system, and have more than
one system, you can use "drbd" to implement software mirroring between
the two systems. Clever use of openvpn and encrypted loopback devices
can do this securely as well.

--
=============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis at mit.edu
============================================================================