|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
On Fri, Sep 02, 2011 at 11:32:03AM +0200, Yves-Alexis Perez wrote: > On ven., 2011-09-02 at 09:29 +0200, marcin kowalski wrote: > > Are there any other authenticaton methods one could use? > > You just need a keyscript which will output the key on stdout and pipe > it to cryptsetup. > > I'm not exactly sure if there are security implications there (like if > the key could be somewhere on memory not protected or something like > that). Not really. If you are root, you can query the key anyways, see FAQ item "How do I recover the master key from a mapped LUKS container?". This is not a surprise or design defect. As root can access the whole memory (via /proc/kcore) the key cannot be hidden anyways. As to the key staying in memory from the piping, as far as I know that does not happen. I could be wrong though. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
[DM Devel] [Fedora Desktop] [ATA RAID] [Fedora Marketing] [Fedora Packaging] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]
|
|