From owner-freebsd-geom@FreeBSD.ORG  Fri Feb 10 07:04:39 2006
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
X-Original-To: freebsd-geom@freebsd.org
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0C80216A420
	for <freebsd-geom@freebsd.org>; Fri, 10 Feb 2006 07:04:39 +0000 (GMT)
	(envelope-from pjd@garage.freebsd.pl)
Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl
	[83.17.198.132])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E63B443D48
	for <freebsd-geom@freebsd.org>; Fri, 10 Feb 2006 07:04:37 +0000 (GMT)
	(envelope-from pjd@garage.freebsd.pl)
Received: by mail.garage.freebsd.pl (Postfix, from userid 65534)
	id 5E6A750B87; Fri, 10 Feb 2006 08:04:35 +0100 (CET)
Received: from localhost (dlt178.neoplus.adsl.tpnet.pl [83.24.49.178])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.garage.freebsd.pl (Postfix) with ESMTP id 3BC3A509F1;
	Fri, 10 Feb 2006 08:04:29 +0100 (CET)
Date: Fri, 10 Feb 2006 08:04:10 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Christian Baer <christian.baer@informatik.uni-dortmund.de>
Message-ID: <20060210070410.GD3590@garage.freebsd.pl>
References: <dsdidb$gf7$1@nermal.rz1.convenimus.net>
	<20060208201852.GA732@garage.freebsd.pl>
	<dsdp4d$gf7$2@nermal.rz1.convenimus.net>
	<20060208224645.GF732@garage.freebsd.pl>
	<dse2q1$i5h$1@nermal.rz1.convenimus.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="32u276st3Jlj2kUU"
Content-Disposition: inline
In-Reply-To: <dse2q1$i5h$1@nermal.rz1.convenimus.net>
X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc
X-OS: FreeBSD 7.0-CURRENT i386
User-Agent: mutt-ng/devel-r535 (FreeBSD)
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
	mail.garage.freebsd.pl
X-Spam-Level: 
X-Spam-Status: No, score=-0.5 required=3.0 tests=BAYES_00,RCVD_IN_NJABL_DUL,
	RCVD_IN_SORBS_DUL autolearn=no version=3.0.4
Cc: freebsd-geom@freebsd.org
Subject: Re: -p with GELI
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2006 07:04:39 -0000


--32u276st3Jlj2kUU
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Feb 09, 2006 at 01:36:17AM +0100, Christian Baer wrote:
+> On Wed, 8 Feb 2006 23:46:45 +0100 Pawel Jakub Dawidek wrote:
+>=20
+> > No, but you may pass 'keyfile' through standard input, so it can be
+> > anything.
+> > You must know, that for keyfiles PKCS#5v2 won't be used nor additional
+> > salt.
+>=20
+> So that means, if I init a provider without a keyfile but with a long
+> passphrase, I get the benifit of PKCS#5v2 and additional salt? That is
+> the way I initialized all my providers so far. Could I now use -k to
+> attach the providers as shown in the script?

No. If it is already initialized you can't do it.
So still can change the key or just use expect.

+> > This is not to prevent brute force attack, it's just better no to use
+> > the same key. Actually here it is not so important as it is only used
+> > for Master-Key encryption which is random.
+>=20
+> But as you wrote, part of the key is random and part is derived from the
+> passphrase. So each key *would* be different.
+>=20
+> > Anyway, in my opnion this is the list from the safest to the most unsa=
fe
+> > configuration list:
+> > 1. Different passphrase for every provider.
+> > 2. Different key for every provider derived from the same passphrase.
+> > 3. One passphrase for every provider.
+>=20
+> Where is the difference between 2 and 3?

When one of your keys leaked (eg. by ps(1) output or any other way), an
attacker can decrypt only one disk, not three.

+> [...] Is 3 "1 passphrase and 1 key
+> for every provider"? Could that even be achieved?

Maybe I wasn't clear there. 3rd point is what you proposed: One
passphrase (the same passphrase) for all providers.

--=20
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

--32u276st3Jlj2kUU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFD7DrqForvXbEpPzQRApuSAJwKyJxQMGF5mRnq3AIviB0LoH19CACcDQJx
XDGgezF7Ik+1vBiPLwdI8Bo=
=NlcV
-----END PGP SIGNATURE-----

--32u276st3Jlj2kUU--