la, 2009-05-23 kello 22:52 +0200, ingo.schmitt@xxxxxxxxxxxxxxxxx > that's basically possible: you would have to code a script which cats the > MAC and use it as key. But keep in mind that MAC addresses are public and > changeable with linux board tools... Also there's not a whole lot of key space there, and it's somewhat predictable unless randomized. (Plus really, you don't even have to change your mac to crack the encrypted volume, you can just iterate over the possible keys with your own software.) A somewhat better solution is to take multiple identifying pieces of information from around /proc and dmidecode for instance, and take a shaXXXsum of the bunch for the password. (Why not include the mac, but it really won't do alone.) It would still of course be safer if you could boot the machine with an USB stick in for the key material, but as long as you know the limitations of the security gained from the above, it's usable. -- Mikko Rauhala <mjr@xxxxxx> - http://www.iki.fi/mjr/blog/ The Finnish Pirate Party - http://piraattipuolue.fi/ World Transhumanist Association - http://transhumanism.org/ Singularity Institute - http://singinst.org/ --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
