Re: Listing encryption keys is a Bad Idea

On Mon, Sep 04, 2006 at 01:22:30PM +0200, Rick van Rein wrote:
> I was shocked to learn that the encryption keys for dm-crypt volumes are
> visible to root:
 
> # dmsetup table swap
> 0 1975932 crypt aes-cbc-plain 3132333435363738313233343536373831323334353637383132333435363738 0 3:6 0
 
I have made a concession in cvs.  The keys are still available, but now
get masked out by default.

# dmsetup table swap
0 1975932 crypt aes-cbc-plain 0000000000000000000000000000000000000000000000000000000000000000 0 3:6 0

# dmsetup table --showkeys swap
0 1975932 crypt aes-cbc-plain 3132333435363738313233343536373831323334353637383132333435363738 0 3:6 0

This will be in version 1.02.13 onwards, and saves having to post-process
the output of dmsetup table if you don't want the keys.

Alasdair
-- 
agk@xxxxxxxxxx

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
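
For dmsetup versions older than the 1.02.13 mentioned in the message, the post-processing it refers to could look like the sketch below. This is an added example, not part of the original post or of dmsetup: the function name mask_dm_keys is hypothetical, and the handling of a leading "name:" field assumes the form `dmsetup table` prints when no device is named.

```shell
# mask_dm_keys (hypothetical helper): read `dmsetup table` output on stdin
# and replace the hex key of every crypt target with zeros of equal length.
mask_dm_keys() {
    awk '
    {
        # With a device argument the line starts at the start sector;
        # without one, each line is prefixed with "name:" (assumption).
        t = ($1 ~ /:$/) ? 4 : 3        # field holding the target type
        k = t + 2                      # target type, cipher spec, then key
        # Only touch crypt lines whose key field is plain hex, so other
        # targets and non-hex placeholders pass through unchanged.
        if ($t == "crypt" && $k ~ /^[0-9a-fA-F]+$/) {
            n = length($k)
            z = ""
            while (n-- > 0) z = z "0"
            $k = z
        }
        print
    }'
}

# Demo on sample lines: the first is the table line quoted in the message,
# the other two are constructed for illustration.
k=3132333435363738
printf '%s\n' \
    "0 1975932 crypt aes-cbc-plain $k$k$k$k 0 3:6 0" \
    "swap: 0 1975932 crypt aes-cbc-plain $k$k$k$k 0 3:6 0" \
    "vg-root: 0 409600 linear 8:2 2048" | mask_dm_keys
```

On a live system the same filter would be used as `dmsetup table | mask_dm_keys`.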

