Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 21 Feb 2014 21:20:48 +0100
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: Need assistance with encrypted Time Machine sparsebundle

On 02/21/2014 08:19 PM, magnum wrote:
> The good news is that the file created with dmg2john will contain no
> sensitive information afaik, so you could publish it here and hope for
> volunteers to help with global warming.

This is not entirely true, so be careful.

If you publish the dmg2john output and someone manages to find the
correct password, he'll have all the information required to decrypt the
data on your drive, should he ever get hold of it, or a copy of that drive.
Even if you manage to find your password and change the password you
used for that encryption key, you are still not safe.

This is probably similar with LUKS or Truecrypt.
If you change your password, the encryption key and almost all the data
on the encrypted disk remains unchanged.

So, you'd need to use another disk, encrypt that one (that way
generating a new random encryption key, which you encrypt with you one
password.
Then, copy all you data to the new disk, and wipe out all data on the
old disk before reusing it...

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.