ecryptfs-devel team mailing list archive

Thread
Date

Re: unable to mount old filesystem

To: Dustin Kirkland <kirkland@xxxxxxxxxxxxx>
From: Dave Hansen <dave@xxxxxxxx>
Date: Mon, 05 Oct 2009 10:16:45 -0700
Cc: ecryptfs-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <d9c105ea0910050919l72f9f80ehccb3f92f6be8d552@mail.gmail.com>

On Mon, 2009-10-05 at 11:19 -0500, Dustin Kirkland wrote:
> It's for this reason that we've chosen not to use a salt in the
> default Ubuntu encrypted home directory setup.  The mount passphrase
> is already randomly generated, which thwarts dictionary attacks.  We
> decided that the extra bits of security offered by a salt were not
> worth the inevitable inadvertent loss of salt by legitimate users of
> ecryptfs.

How big was that salt?  I'm just thinking of the UNIX password salts
that were only 12 bits or so.  They were intended to be brute-forced
through at each login.  If it is small, perhaps it is worth just
scripting it to try and recover.

-- Dave

Follow ups

Re: unable to mount old filesystem
From: Tyler Hicks, 2009-10-05
Re: unable to mount old filesystem
From: Dustin Kirkland, 2009-10-05

References

unable to mount old filesystem
From: Dave Hansen, 2009-10-04
Re: unable to mount old filesystem
From: Dustin Kirkland, 2009-10-05
Re: unable to mount old filesystem
From: Dave Hansen, 2009-10-05
Re: unable to mount old filesystem
From: Dustin Kirkland, 2009-10-05
Re: unable to mount old filesystem
From: Dave Hansen, 2009-10-05
Re: unable to mount old filesystem
From: Dustin Kirkland, 2009-10-05