Put that in a wrapper. It can be circumvented easily anyways. (Make a backup for the LUKS header. For non-LUKS self-destruct is infeasible.) Having this in the standard distribution is a catastrophe waiting to happen. Arno On Wed, Jul 15, 2009 at 10:23:30AM +0000, Matt Rosales wrote: > On a somewhat related note, I was thinking it would be cool to build in a > self-destruct mechanism into cryptsetup- IE if a specific password is > entered twice, have it destroy the keyblock of the encrypted disk. Thoughts? > > On Tue, Jul 14, 2009 at 3:19 PM, Robert Lummis <robert.lummis@xxxxxxxxx>wrote: > > > OK I guess I need to be using LUKS. That's fine. > > > > I don't see what's to explore about /dev/mapper/$x. If I give the > > wrong passphrase the expected file name still appears there with the > > expected permissions. The only way I see to find out if the passphrase > > was ok is to try to read it. That's not so terrible but seems kinda > > lame. > > > > On Tue, Jul 14, 2009 at 4:21 AM, Roscoe<eocsor@xxxxxxxxx> wrote: > > >> I would like a way to tell cryptsetup to fail completely (don't change > > >> anything and return non-zero) if the passphrase is wrong. Is that > > >> possible? > > > > > > Sure, start using LUKS :) > > > > > > Otherwise, AFAIK without LUKS there is no way for cryptsetup to tell. > > > (The normal workaround for this being to then inspect /dev/mapper/$x > > > for a known filesystem afterwards.) > > > > > > -- Roscoe > > > > > > --------------------------------------------------------------------- > > > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ > > > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > > > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > > > > > > > > > > > > > > -- > > Robert Lummis > > > > --------------------------------------------------------------------- > > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ > > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > > > > > > > -- > matt@xxxxxxxxxxxxxxx > GPG Key ID: 113828CC -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
