-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/29/2014 03:58 PM, Walter Dnes wrote: > On Tue, Apr 29, 2014 at 01:32:46PM -0400, Rick "Zero_Chaos" Farina wrote > >> On 04/29/2014 12:27 PM, Walter Dnes wrote: >>> >>> Another couple of things I didn't realize. According to >>> https://wiki.gentoo.org/wiki/Dm-crypt I have to build in support for the >>> crypt target in the kernel. It also suggests >>> <*> SHA224 and SHA256 digest algorithm >>> >>> Any comments on their strength? I'm not worried about the NSA or CSIS >>> as much as opportunistic criminals. >> >> I use whirlpool. Why you ask? It sounds cool! Also it supported 512bit >> which seems nice. > > Sorry to pester you, but I'm beginning to realize just how much is > involved here that I'm a newbie at. Two more questions... > > 1) If multiple encryption algorithms are enabled in the kernel, how does > the system decide which one to use?
dmcrypt/luks stores the proper encryption algorithm, as long as the correct one is supported you are all set. > > 2) I assume that if I want to use the same encrypted USB key on 2 or > more machines, then the kernels of all the machines must be built with > the same encryption algorithms? > No, but they do both need the encryption and hashing algorithm you are using. - -Zero -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTYGTkAAoJEKXdFCfdEflKmd8QAIYHiSe6oPPDjHcbuzQBxqmf xCx0bdcs3vaHCgb8Nh0AZrckR4tgyedkk2OWyXVkPI29fQl5up1PLnSBqgePJQou oJT/q/kNXhFOoWVc0iNCWASoSjmv6X/F5JQGCK/kfJMR0FOM373JPx2iBk6Dhbxf FGepnQkDKGLSlm+BUjLfNPX161EC+EwEw5B29gtKZZpk9VlI7aeRDTPtjXQClB8g sdJA5h/1g21YX47gqvgQ3KKH7dJjav4l0eom+yO/WkhDAzySqtXl0OaGLg2vnqND OIy8sX3Dc6qwMr6h0G6o3Wdc7YpRlIPYuINv4HQFfl9l745/Cmv6SDBLF5BHpIg2 pXGOimwc/drSkzxjC9i8f2boa8piSAAE+YITykarVaJnlF8pqs+lB2fMt0kW34aH oFlzuPLZjb4Rdzq5MwypGfTumRKTa2zn6A9EdrvJugazY9b5WGtTet2Du8i5o7Xp z6bwS97+1GvwhybzKCk2BE+h1FQAaTQo0hBhCIKwxn5AHyL5VS2yA53Oz8c2yM8B xKfu96hwTBCIVSBXEWU1QM++vFRYhPuOtug4GgLixbXi7WEed2q3eUEDyb0I5Oba CJTrrAfl97wuL8RJrZyVVlXkcsHAqVeDtmT2IWeDU1CmAi58aXsDfRGDRoRHq7e/ a3/DHVGvebwUxEac8NgB =53C+ -----END PGP SIGNATURE-----