Re: Remote unlock security

Hey David,

On 21/12/2010 David Jacquet wrote:
> thanks for clear answers. Some thoughts: first of all it is great that the
> "secret" string is not written temporarily to a disc, that was my primary
> concern. Therefore I think that the added insecurity in this case comes from
> the computer being stored remotely, not unlocked remotely. I don't see why the
> computer couldn't be tampered (by hardware or software methods) with even if
> it was unlocked by classic means: human on site entering secret key.
>
> As for the method passfifo itself, I do not exactly know what is happening.
> I am running Ubuntu server 10.04, and there is some partly binary, partly
> text, script file called
>
>  /lib/cryptsetup/askpass
>
> which I _guess_ is constructed for the sole purpose of remote ssh unlock,
> but I am having difficulties getting any documentation on this file. With the
> Ubuntu Plymouth startup it seems non-trivial actually getting this to work
> (there are some bugs on this on Launchpad), but I wanted to find out the
> security issues before trying the actual solution.

askpass is a helper utility, intended to be used for passphrase
prompting in the initramfs script. usplash and splashy support, the fifo
file you're talking about, and console passphrase prompt are the main
features of this utility.
It's shipped with the Debian and Ubuntu cryptsetup package.

greetings,
 jonas


_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
