Re: PATCH 2/2: external hashing program use in losetup

On Wed, 2003-08-06 at 04:00, Ben Slusky wrote:
> Ok, this time for sure.
> 
> To recap, since linux-crypto seems to have dropped the other email due to
> its size, this patch allows losetup and mount to use an external program
> to hash the password. The program is specified using the -P option to
> losetup or mount, like so:
> 
> losetup -e aes-cbc-128 -P sha256prog /dev/loop/10 /home/sluskyb/testloop
> or
> 
> mount -o loop,encryption=aes-cbc-128 -P sha256prog /home/sluskyb/testloop /mnt/testloop

this looks a bit inconsistent, since the encryption algorithm is passed
as -o option, while the hashing filter is passed completely differently;
one might really want to be able to specify the passphrase acquiring
plugin as fstab-option, in order to allow unattended automatic mounting
of fs volumes -- i.e. think of some executable/script that gathers the
passphrase from some removable media, that has to be inserted into the
system at boot-up time (e.g. smartcard, or even a plain old floppy disk)

one might also want to be able to specify some options to pass to the
passphrase-acquiral executable; that way one doesn't have to install a
dozen of small binaries (or symlinks to the same one, and having to
discriminate on argv[0]), just have slightly different behaviours

so the mount line above might look something like:

mount -o loop,encryption=aes-cbc-128,key_exec=/sbin/get_and_hash_passphrase,key_args=sha256 /home/sluskyb/testloop /mnt/testloop

one could prepend some default arguments before the user-defined ones,
such as mountpoint, selected encryption algo/params (in order to allow
for more control about how to fill (or pad remaining) keybits)

any comments?

regards,
-- 
Herbert Valerio Riedel       /    Phone: (EUROPE) +43-1-58801-18840
Email: hvr@xxxxxxxxxx       /    Finger hvr@xxxxxxx for GnuPG Public Key
GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748  5F65 4981 E064 883F 4142

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
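
A sketch of the option handling proposed in the message above, as an added example that is not part of the original post or of the losetup/mount patch: it pulls `key_exec` and `key_args` out of the `-o` string and builds the helper's argument vector with the mountpoint and encryption prepended. The function names, the argument order and the absolute-path requirement for `key_exec` are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample: the -o string from the proposal above. */
static const char SAMPLE_OPTS[] = "loop,encryption=aes-cbc-128,"
    "key_exec=/sbin/get_and_hash_passphrase,key_args=sha256";

static char *copy_n(const char *s, size_t len)
{
    char *v = calloc(len + 1, 1);   /* zero-filled, so NUL-terminated */
    if (!v) abort();
    return memcpy(v, s, len);
}

/* malloc'd value of `name=` in a comma-separated option string, or NULL
 * if the option is absent or empty. */
static char *opt_value(const char *opts, const char *name)
{
    size_t nlen = strlen(name);
    for (const char *p = opts; p && *p; ) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > nlen + 1 && !strncmp(p, name, nlen) && p[nlen] == '=')
            return copy_n(p + nlen + 1, len - nlen - 1);
        p = end ? end + 1 : NULL;
    }
    return NULL;
}

/* Fill argv[5] for a direct execv(): helper path, the defaults (mountpoint,
 * encryption), then key_args. Returns argc, or -1 without a usable key_exec. */
int build_key_argv(const char *opts, const char *mountpoint, char *argv[5])
{
    char *exe = opt_value(opts, "key_exec"), *enc, *args;
    int n = 0;
    if (!exe || exe[0] != '/') {    /* absolute path only: no PATH search */
        free(exe);
        return -1;
    }
    enc = opt_value(opts, "encryption");
    args = opt_value(opts, "key_args");
    argv[n++] = exe;
    argv[n++] = copy_n(mountpoint, strlen(mountpoint));
    argv[n++] = enc ? enc : copy_n("", 0);
    if (args) argv[n++] = args;     /* one argv element, no shell parsing */
    argv[n] = NULL;
    return n;
}
```

Because the vector is meant for `execv()` rather than a shell command line, a `key_args` value taken from fstab reaches the helper as a single literal argument.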