Results 13 comments of forbytten

Another option may be to use LUKS with a loop device, the latter of which is a file used as a block device, not to be confused with loop-AES, the...

You're right that I focused only on dd being dangerous, due to confirmation bias, as dd was my main concern. I'll leave it up to @koddo to comment on whether...

1. Yes. There's nothing inherently wrong with the tar + GPG approach, just that it relies on the user following correct procedure rather than the underlying tech protecting the user...

I would suggest another criterion to be KDF (key derivation function) support. The KDF is a function that transforms/derives the real symmetric encryption key from the passphrase. Its utility is...

Actually, hashing your passphrase yourself and feeding it to GPG may be a good idea. Just be careful how you do it. For example, the GPG man page states for...

An example of incorrectly feeding argon2 to gpg is below. I'm not going to try for the correct way because I'm not sure I endorse it or maybe it's because...

@koddo yes, if I were to use that approach, that's how I'd do it. However, I would still recommend/prefer the password manager approach, especially since now you don't just have...

@koddo not sure what I was thinking. You don't have to memorize the salt, iteration count, memory usage and parallelism. You can just stash them in a text file alongside...

@koddo I thought I'd throw in another idea as food for thought as an alternative to the "saved in filename" concept you mentioned. Linux filesystems like ext4 support extended attributes,...

> Another option would be putting this argon2-parameters file alongside with gpg-encrypted data in a tar archive, this way it's not going to be lost. This is much more user-friendly,...