From: Christian Baer
To: freebsd-geom@freebsd.org
Newsgroups: gmane.os.freebsd.devel.geom
Date: Sun, 23 Sep 2007 20:03:42 +0200 (CEST)
Organization: Convenimus Projekt
Subject: Re: Pipes password from kdialog to geli attach

On Sun, 23 Sep 2007 17:25:08 +0200 Pawel Jakub Dawidek wrote:

> BTW. sha256 is not needed.

Could be a good idea though when mounting several providers with one
keyfile/passphrase combination - if they are "salted".

> Also, as it was mentioned, keyfiles are not preprocessed by PKCS#5v2,

This however only provides additional protection when analysing the disc
and a part of the passphrase is known. A brute force attack against the
passphrase will work just as well, no matter if it is salted or not.

I know that *you* know that. :-) Just wanted to point it out again.

> but this is a good example why it's worth adding such functionality.

Good idea! I've been pondering the idea of writing a front-end for geli
for some time but the fact of this missing feature stopped me because
anyone using this frontend would lose functionality.

If you make it possible to pass the passphrase on to geli from the
command line or via a pipe or something, then I'll sit down and write
the front-end for it. Provided you don't expect me to do that in C. :-)
Python would probably be my choice here.

Regards,
Chris
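
The point about salting discussed in this message, as an added illustration (not part of the original message and not geli's own code). It uses Python's hashlib.pbkdf2_hmac as a stand-in for PKCS#5v2; the passphrase, salts, iteration count and function names are constructed for the example, and the salt is assumed to be stored in the clear next to the encrypted data.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # constructed value for the demo, not a recommendation


def unsalted_key(passphrase: bytes) -> bytes:
    """Plain SHA-256 of the passphrase: identical input gives an identical key."""
    return hashlib.sha256(passphrase).digest()


def salted_key(passphrase: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PKCS#5v2 (PBKDF2) with HMAC-SHA512 and a per-provider salt."""
    return hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations, dklen=64)


def guess_matches(guess: bytes, salt: bytes, key: bytes,
                  iterations: int = ITERATIONS) -> bool:
    """The salt is not secret (assumption), so any guess can be tested against it."""
    return hmac.compare_digest(salted_key(guess, salt, iterations), key)


def demo() -> dict:
    passphrase = b"correct horse battery staple"  # constructed sample
    salt_a, salt_b = os.urandom(64), os.urandom(64)  # one salt per provider
    key_a = salted_key(passphrase, salt_a)
    key_b = salted_key(passphrase, salt_b)
    return {
        # Without a salt, two providers sharing a passphrase share a key.
        "unsalted_keys_equal": unsalted_key(passphrase) == unsalted_key(passphrase),
        # With per-provider salts the keys differ, so work done against one
        # provider (or a precomputed table) does not carry over to the other.
        "salted_keys_equal": key_a == key_b,
        # The salt does not stop guessing: a correct guess still verifies and
        # a wrong one does not. Only the iteration count raises the cost per guess.
        "right_guess": guess_matches(passphrase, salt_a, key_a),
        "wrong_guess": guess_matches(b"hunter2", salt_a, key_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```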