Date: Sun, 23 Sep 2007 17:25:08 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: yarodin <yarodin@gmail.com> Cc: freebsd-geom@freebsd.org Subject: Re: Pipes password from kdialog to geli attach Message-ID: <20070923152508.GB1123@garage.freebsd.pl> In-Reply-To: <200709222256.17692.yarodin@gmail.com> References: <200709222256.17692.yarodin@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--EuxKj2iCbKjpUGkD Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 22, 2007 at 10:56:17PM +0600, yarodin wrote: > init: > password=3D`kdialog --password "Enter the password"` > echo $password|sha256|geli init -s 4096 -P -K - /dev/ad0s1e >=20 > atach: > password=3D`kdialog --password "Enter the password"` > echo $password|sha256|geli attach -p -k - /dev/ad0s1e >=20 > Is it very unsecure? May be a better method exists? It depends. Most (if not all) shells have echo command built-in, so noone will see 'echo <password>' in ps(1) output, although, maybe simply do: kdialog --password "Enter the password" | geli attach -p -k - /dev/ad0s1e ? BTW. sha256 is not needed. Also, as it was mentioned, keyfiles are not preprocessed by PKCS#5v2, but this is a good example why it's worth adding such functionality. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --EuxKj2iCbKjpUGkD Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFG9oVUForvXbEpPzQRAjT9AKDFGypOVw+RAeqgJZHIFw5WLeA2xwCfTV5S 6RyFQIXwQ95uMDVB4GYmUdk= =48HN -----END PGP SIGNATURE----- --EuxKj2iCbKjpUGkD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070923152508.GB1123>