Date: Wed, 8 Feb 2006 22:51:09 +0100 (CET) From: Christian Baer <christian.baer@informatik.uni-dortmund.de> To: freebsd-geom@freebsd.org Subject: Re: -p with GELI Message-ID: <dsdp4d$gf7$2@nermal.rz1.convenimus.net> References: <dsdidb$gf7$1@nermal.rz1.convenimus.net> <20060208201852.GA732@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 8 Feb 2006 21:18:53 +0100 Pawel Jakub Dawidek wrote: > The '-p' option is gbde(8) is actually only for debug purposes, as other > users can see it in ps(1) output (if not configured otherwise) and the > passphrase will be logged via audit mechanism which is currenty merged > to the tree. Oops! Doesn't sound to productive if security is an issue. :-) > What you want to use is '-k' option. > If you really know what you're doing you can do something like this: Hmm, I thought the keyfile and the passphrase were treated differently. Does that mean they are exchangeable, i.e. if I init the provider with a passphrase I can attach it with a keyfile of the same content as the passphrase? > I suggest not to use the same passphrase for all providers. > You can always do something like: > > pass_da0=3D`echo "0${passphrase}0" | sha256` > pass_da1=3D`echo "1${passphrase}1" | sha256` > pass_da2=3D`echo "2${passphrase}2" | sha256` For that to be of any real good[1], the script would have to be on an encrypted provider - preferably with a *completely* different passphrase (and as a result a completely different key) itself. But if the attacker can analyse this script, then a brute forcing the ${passphrase} will grant access to all providers. Or am I missing the point here completely? Regards Chris [1] I assume you are trying to prevent that if a brute force attack at the passphrase works for ad0, the attacker will have the passphrase for the other providers too.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?dsdp4d$gf7$2>