At 00:13, Monday 10 October 2005, Matthias Schniedermeyer wrote:
> I'd say the easiest 90-95% solution would be to NOT store the key on
> the target system, but to get it from a server under YOUR control (so
> you can be e.g. sure the clock is correct) every time the filesystem
> is mounted.
> In the easiest setup [...]
>
> ssh <...> <programm/script which outputs key> | mount -p0 ...

This is the solution I choose to adopt. :-)
The only problem is to write down a good bash script.
Thanks.

At 18:43, Monday 10 October 2005, Jari Ruusu wrote:
> Because the "head ... | uuencode ... | head ... | tail ..." pipe
> sends a random passphrase to stdin of losetup. By default, losetup
> prompts and reads a passphrase from controlling terminal, not stdin.
> If losetup is given a "-p0" command line parameter, then losetup
> reads a passphrase from stdin.

Thanks, all clear about this question.

If you want, can you explain this procedure to me (from loopAES.README - Example 2):

    head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \
        | losetup -p 0 -e AES128 /dev/loop3 /dev/hda666
    dd if=/dev/zero of=/dev/loop3 bs=4k conv=notrunc 2>/dev/null

The first encrypts the block device /dev/hda666 using a random passphrase, then the second fills the whole partition with zeros. Is that right?
Is the purpose to create a "base" on which to write the encrypted data? Is all this to increase the safety of the data encryption?

Thanks again.

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
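
The fetch-the-key-at-mount-time setup quoted at the top of this message, written out as a wrapper script. This is an added example, not part of the original thread or of loop-AES; the key server name, the remote script path and the mount point are hypothetical placeholders, and it assumes a loop-AES-patched mount that accepts "-p 0".

```shell
#!/bin/sh
# Added example (not from the thread): mount a loop-AES volume with a key
# fetched over ssh at mount time, so no key is stored on the target system.
# Host, remote script and mount point are hypothetical placeholders.
KEY_HOST="${KEY_HOST:-keyuser@keyserver.example}"
KEY_SCRIPT="${KEY_SCRIPT:-/usr/local/bin/print-key}"
DEVICE="${DEVICE:-/dev/hda666}"        # device name used in the README example
MOUNTPOINT="${MOUNTPOINT:-/mnt/secure}"

# BatchMode makes ssh fail instead of prompting, so an unattended mount
# cannot hang waiting for a password.
fetch_cmd() { ssh -o BatchMode=yes "$KEY_HOST" "$KEY_SCRIPT"; }

# Assumes a loop-AES-patched mount; -p 0 reads the passphrase from stdin.
mount_cmd() { mount -p 0 -o loop,encryption=AES128 "$DEVICE" "$MOUNTPOINT"; }

mount_with_remote_key() {
    # The key lives only in a shell variable, never in a file on disk.
    key=$(fetch_cmd) || { echo "key fetch failed, not mounting" >&2; return 2; }
    # loop-AES refuses passphrases shorter than 20 characters; a shorter
    # reply usually means the server printed an error instead of the key.
    if [ "${#key}" -lt 20 ]; then
        unset key
        echo "key too short, not mounting" >&2
        return 3
    fi
    # printf is a shell builtin, so the key does not show up in the
    # argument list of any process.
    printf '%s\n' "$key" | mount_cmd
    rc=$?
    unset key
    return "$rc"
}

# Run as: script mount
if [ "${1:-}" = "mount" ]; then
    mount_with_remote_key
fi
```

The script refuses to mount when the fetch fails or the reply is too short, so a broken key server never results in a passphrase prompt or a mount attempt with garbage input.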