Re: Crypto in DragonFlyBSD
On Wed, 31 Mar 2010, Matthew Dillon wrote:
> and block ciphers, is that you need a significant amount of random
> salt in each randomly accessible unit to protect against various forms
> of attack.
Against dictionary attacks, as I understand it. The salt ensures that you
can't just pre-generate a list of hashes once, from a huge dictionary, but
have to attack each system separately.
The salt must still be available to the system for it to be able to
decrypt things, which as far as I can see means outside the encrypted
volume and readable by root -- and any attacker that can gain physical
access. (If it's not available to the system, it's not a salt, but
something else, like part of the password.)
> The salt can be applied as part of the encoding/decoding
> stream (it doesn't have to be all up-front), but the question is where
> does one store that salt?
/etc/cgd/<device>. :-)
(not world readable)
MAgnus
討論串 (同標題文章)
完整討論串 (本文為第 4 之 7 篇):