On Sat, 2009-02-07 at 06:31 +0100, Arno Wagner wrote:
> On Fri, Feb 06, 2009 at 06:22:46PM -0800, Ross Boylan wrote:
> > I am interested in encrypting some, but not all, of my partitions. If I
> > use the same pass-phrase for each partition, will I only have to answer
> > one prompt to unlock all of them?
>
> Only if you write a wrapper that does all the individual calls
> per partition with this one passphrase.
>
> > Actually, when and how do I have to supply the pass-phrase?
>
> When you call cryptsetup.
>
I thought it was LUKS that was doing this.

> > I've
> > encrypted the whole disk before, and I get prompted at boot time.
> > http://www.saout.de/tikiwiki/tiki-index.php?page=HOWTO makes it sound as
> > if the story is the same for partitions, at least if I
> > configure /etc/fstab and /etc/crypttab a certain way.
>
> Depends on your distro, I guess. Behind the stage, there is always
> a call to cryptsetup (or equivalent direct device-mapper operations).
> The question at boot time is just a wrapper-script.
>
> What potential automatisation is already in place depends on
> your distribution.
>
> To give you an idea how cryptsetup works: In order
> to set-up /dev/sda5 with passphrase "abcd", and the
> decrypted device mapped to /dev/mapper/c5, and mounted
> on /mnt do the following:
>
>   prompt> cryptsetup create c5 /dev/sda5
>   <asks interactively for passphrase>
>   prompt> mount /dev/mapper/c5 /mnt
>
> You can also pipe in the passphrase:
>
>   echo "abcd" | cryptsetup create c5 /dev/sda5
>
> You should not do this on the prompt except for experiments.
> The problem is that the passphrase will end up in the shell
> history and likely on disk. Not good.
>
> In any case the passphrase will end up in memory, but there is
> not really a lot that can be done about it. The usual hope is that
> the input/file buffers will be overwritten pretty fast anyways.
> The second thing is that getting it from memory would likely
> require root access and that people with root access can simply
> install a backdoor and wait for you to enter your passphrase....
>
> Arno

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
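
Added example, not part of the original thread or of cryptsetup: a sketch of the kind of wrapper discussed above, which prompts once with echo off and pipes the passphrase into one `cryptsetup create` call per partition, so it never appears in shell history or in a command line. The `name:device` argument format, the function names and the `CRYPTSETUP` override variable are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: one prompt, several dm-crypt mappings.
# CRYPTSETUP is a hypothetical override so the command can be swapped for testing.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}

# unlock_all PASSPHRASE name:device [name:device ...]
# The body is a subshell "( ... )", so its variables do not leak to the caller.
unlock_all() (
    pass=$1; shift
    failed=0
    for pair in "$@"; do
        name=${pair%%:*}    # text before the first ':'
        dev=${pair#*:}      # text after the first ':'
        # printf is a shell builtin: the passphrase is written to a pipe and
        # never becomes an argument of an external process (invisible to ps).
        if ! printf '%s\n' "$pass" | "$CRYPTSETUP" create "$name" "$dev"; then
            echo "unlock failed: $name ($dev)" >&2
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]     # non-zero status if any mapping failed
)

main() {
    trap 'stty echo 2>/dev/null' EXIT   # always restore terminal echo
    trap 'exit 130' INT TERM
    printf 'Passphrase: ' >&2
    stty -echo 2>/dev/null              # typed passphrase is not displayed
    IFS= read -r pass
    stty echo 2>/dev/null
    echo >&2
    unlock_all "$pass" "$@"
    rc=$?
    unset pass
    return "$rc"
}

# Example invocation (as root): ./unlock.sh c5:/dev/sda5 c6:/dev/sda6
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The passphrase still sits in the shell's memory while the script runs, which is the residual exposure described in the quoted reply.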