Date: Sun, 23 Sep 2007 20:03:42 +0200 (CEST) From: Christian Baer <christian.baer@uni-dortmund.de> To: freebsd-geom@freebsd.org Subject: Re: Pipes password from kdialog to geli attach Message-ID: <fd69pu$2ip2$1@nermal.rz1.convenimus.net> References: <200709222256.17692.yarodin@gmail.com> <20070923152508.GB1123@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 23 Sep 2007 17:25:08 +0200 Pawel Jakub Dawidek wrote: > BTW. sha256 is not needed. Could be a good idea though when mounting several providers with one keyfile/passphrase combination - if they are "salted". > Also, as it was mentioned, keyfiles are not preprocessed by PKCS#5v2, This however only provides additional protection when analising the disc and a part of the passphrase is known. A brute force attack against the passphrase will work just as well, no matter if it is salted or not. I know that *you* know that. :-) Just wanted to point it out again. > but this is a good example why it's worth adding such functionality. Good idea! I've been pondering the idea of writing a front-end for geli for some time but the fact of this missing feature stopped me because anyone using this frontend would lose functionality. If you make it possible to pass the passphrase on to geli from the command line or via a pipe or something, then I'll sit down and write the front-end for it. Provided, you don't expect me to do that in C. :-) Python would probably be my choice here. Regards, Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fd69pu$2ip2$1>