Date:      Wed, 8 Feb 2006 22:51:09 +0100 (CET)
From:      Christian Baer <christian.baer@informatik.uni-dortmund.de>
To:        freebsd-geom@freebsd.org
Subject:   Re: -p with GELI
Message-ID:  <dsdp4d$gf7$2@nermal.rz1.convenimus.net>
References:  <dsdidb$gf7$1@nermal.rz1.convenimus.net> <20060208201852.GA732@garage.freebsd.pl>

On Wed, 8 Feb 2006 21:18:53 +0100 Pawel Jakub Dawidek wrote:

> The '-p' option in gbde(8) is actually only for debug purposes, as other
> users can see it in ps(1) output (if not configured otherwise) and the
> passphrase will be logged via audit mechanism which is currently merged
> to the tree.

Oops! Doesn't sound too productive if security is an issue. :-)

> What you want to use is '-k' option.
> If you really know what you're doing you can do something like this:

Hmm, I thought the keyfile and the passphrase were treated differently.
Does that mean they are exchangeable, i.e. if I init the provider with a
passphrase I can attach it with a keyfile of the same content as the
passphrase?

> I suggest not to use the same passphrase for all providers.
> You can always do something like:
>
> pass_da0=`echo "0${passphrase}0" | sha256`
> pass_da1=`echo "1${passphrase}1" | sha256`
> pass_da2=`echo "2${passphrase}2" | sha256`

For that to be of any real good[1], the script would have to be on an
encrypted provider - preferably with a *completely* different passphrase
(and as a result a completely different key) itself. But if the attacker
can analyse this script, then brute forcing the ${passphrase} will grant
access to all providers.

Or am I missing the point here completely?

Regards
Chris

[1] I assume you are trying to prevent that if a brute force attack at
the passphrase works for ad0, the attacker will have the passphrase for
the other providers too.
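The derivation sketched in the quoted message, next to the independent per-provider keyfile alternative the footnote contrasts it with, as an added example that is not code from either poster; the provider names and the master passphrase are constructed, and the hashing reproduces what `echo ... | sha256` actually feeds to the digest (the trailing newline included).

```python
import hashlib
import os


def derive_provider_pass(master, index):
    """Mirror `echo "N${passphrase}N" | sha256` for provider number N.

    echo appends a trailing newline and sha256(1) prints the lowercase
    hex digest, so that is exactly what is hashed and returned here.
    """
    data = f"{index}{master}{index}\n".encode()
    return hashlib.sha256(data).hexdigest()


def derived_passphrases(master, providers):
    """Per-provider passphrases that are all a pure function of one master.

    Anyone holding the master and this derivation can regenerate every
    entry, so the whole set falls with the single secret.
    """
    return {prov: derive_provider_pass(master, i) for i, prov in enumerate(providers)}


def independent_keys(providers, nbytes=64):
    """Alternative: a fresh random key per provider, stored in a keyfile (-k).

    No key is derivable from any other, so recovering one says nothing
    about the rest; the cost is having several keyfiles to protect.
    """
    return {prov: os.urandom(nbytes) for prov in providers}


if __name__ == "__main__":
    providers = ["da0", "da1", "da2"]           # constructed provider names
    master = "correct horse battery staple"     # constructed master passphrase
    for prov, value in derived_passphrases(master, providers).items():
        print(f"{prov}: {value}")
    for prov, key in independent_keys(providers).items():
        print(f"{prov}: {len(key)} random bytes (would live in a keyfile)")
```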
