Hey David,

On 21/12/2010 David Jacquet wrote:
> thanks for clear answers. Some thoughts: first of all it is great that the
> "secret" string is not written temporarily to a disc, that was my primary
> concern. Therefore I think that the added insecurity in this case comes from
> the computer being stored remotely, not unlocked remotely. I don't see why
> the computer couldn't be tampered (by hardware or software methods) with even
> if it was unlocked by classic means: human on site entering secret key.
>
> As for the method passfifo itself, I do not exactly know what is happening.
> I am running Ubuntu server 10.04, and there is some partly binary, partly
> text, script file called
>
> /lib/cryptsetup/askpass
>
> which I _guess_ is constructed for the sole purpose of remote ssh unlock,
> but I am having difficulties getting any documentation on this file. With the
> Ubuntu Plymouth startup it seems non trivial actually getting this to work
> (there are some bugs on this on launchpad), but I wanted to find out the
> security issues before trying the actual solution.

askpass is a helper utility, intended to be used for passphrase prompting
in the initramfs script. usplash and splashy support, the fifo file you're
talking about, and console passphrase prompt are the main features of this
utility. it's shipped with the debian and ubuntu cryptsetup package.

greetings,
jonas
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt