Hi,
thanks for the clear answers. Some thoughts: first of all it is great that the "secret"
string is not written temporarily to a disc, that was my primary concern. Therefore I think
that the added insecurity in this case comes from the computer being stored remotely,
not unlocked remotely. I don't see why the computer couldn't be tampered with (by hardware
or software methods) even if it was unlocked by classic means: a human on site
entering the secret key.
As for the method passfifo itself, I do not exactly know what is happening. I am running
Ubuntu server 10.04, and there is some partly binary, partly text, script file called
/lib/cryptsetup/askpass
which I _guess_ is constructed for the sole purpose of remote ssh unlock, but I am having
difficulties getting any documentation on this file. With the Ubuntu Plymouth startup it seems
non-trivial actually getting this to work (there are some bugs on this on Launchpad), but I wanted
to find out the security issues before trying the actual solution.
David