DragonFly BSD
DragonFly kernel List (threaded) for 2010-03
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Crypto in DragonFlyBSD

From: Magnus Eriksson <magetoo@xxxxxxxxxxx>
Date: Wed, 31 Mar 2010 21:52:47 +0200 (CEST)

On Wed, 31 Mar 2010, Matthew Dillon wrote:

   and block ciphers, is that you need a significant amount of random
   salt in each randomly accessible unit to protect against various forms
   of attack.

Against dictionary attacks, as I understand it. The salt ensures that you can't just pre-generate a list of hashes once, from a huge dictionary, but have to attack each system separately.

The salt must still be available to the system for it to be able to decrypt things, which as far as I can see means outside the encrypted volume and readable by root -- and any attacker that can gain physical access. (If it's not available to the system, it's not a salt, but something else, like part of the password.)

   The salt can be applied as part of the encoding/decoding
   stream (it doesn't have to be all up-front), but the question is where
   does one store that salt?

/etc/cgd/<device>. :-)

(not world readable)


[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]