From: Christian Baer
To: freebsd-geom@freebsd.org
Date: Wed, 8 Feb 2006 22:51:09 +0100 (CET)
Organization: Convenimus Projekt
Subject: Re: -p with GELI

On Wed, 8 Feb 2006 21:18:53 +0100 Pawel Jakub Dawidek wrote:

> The '-p' option in gbde(8) is actually only for debug purposes, as other
> users can see it in ps(1) output (if not configured otherwise) and the
> passphrase will be logged via audit mechanism which is currently merged
> to the tree.

Oops! Doesn't sound too productive if security is an issue. :-)

> What you want to use is '-k' option.
> If you really know what you're doing you can do something like this:

Hmm, I thought the keyfile and the passphrase were treated differently.
Does that mean they are exchangeable, i.e. if I init the provider with a
passphrase I can attach it with a keyfile of the same content as the
passphrase?

> I suggest not to use the same passphrase for all providers.
> You can always do something like:
>
> pass_da0=`echo "0${passphrase}0" | sha256`
> pass_da1=`echo "1${passphrase}1" | sha256`
> pass_da2=`echo "2${passphrase}2" | sha256`

For that to be of any real good[1], the script would have to be on an
encrypted provider - preferably with a *completely* different passphrase
(and as a result a completely different key) itself. But if the attacker
can analyse this script, then brute forcing the ${passphrase} will grant
access to all providers.

Or am I missing the point here completely?

Regards
Chris

[1] I assume you are trying to prevent that if a brute force attack at the
passphrase works for ad0, the attacker will have the passphrase for the
other providers too.
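
Added example, not part of the original message or of GELI itself: the per-provider derivation quoted above, written as a shell function so it is visible what the scheme does and does not separate. The function names, the fallback to sha256sum(1) and the sample master passphrase are assumptions made for this illustration.

```shell
#!/bin/sh
# Illustration of the quoted scheme: pass_daN = sha256("N${passphrase}N").
# All values used here are constructed sample data, not real secrets.

# Hash stdin and print only the hex digest. FreeBSD ships sha256(1);
# most Linux systems ship sha256sum(1) instead.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | awk '{print $1}'
    else
        sha256 | awk '{print $1}'
    fi
}

# $1 = provider index, $2 = master passphrase.
# printf is a shell builtin, so the master passphrase is fed through a
# pipe and never appears as an argument of a separate process in ps(1).
# The trailing newline matches what echo produces in the quoted snippet.
derive_pass() {
    printf '%s%s%s\n' "$1" "$2" "$1" | sha256_hex
}

# $1 = master passphrase. Prints one "provider digest" line per provider.
# Every line is a pure function of the single master value: the digests
# differ from each other, and one leaked digest does not reveal the
# others, but whoever holds (or guesses) the master can recompute all of
# them. The strength of every provider is therefore the strength of the
# master passphrase.
derive_all() {
    for i in 0 1 2; do
        printf 'da%s %s\n' "$i" "$(derive_pass "$i" "$1")"
    done
}

master='constructed-sample-passphrase'   # sample value for the demo only
derive_all "$master"
```
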