On 12/28/2010 03:10 PM, Robert.Heinzmann@xxxxxxxxxxxxxxx wrote: > What I also found was, that doing a simple > > "dmsetup table --showkeys" actually shows the dm_crypt master key in > hex for the disk > > Isn't that a little bit too easy ? Should dmsetup not at least scrumble > it (xxxxx) ? That's why --showkeys is not default ;-) And all automated customer-oriented reporting systems must not use this option (see output from sosreport ot lvmdump - no key there) If you are root, you have many other ways how to get key from memory, hiding it here makes no sense. > Otherwise this information can easily leak out into ticketing systems, > support attachents etc. Nope, --showkeys must be explicitly given by user for dmsetup. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
