On Fri, Sep 02, 2011 at 11:32:03AM +0200, Yves-Alexis Perez wrote: > On ven., 2011-09-02 at 09:29 +0200, marcin kowalski wrote: > > Are there any other authenticaton methods one could use? > > You just need a keyscript which will output the key on stdout and pipe > it to cryptsetup. > > I'm not exactly sure if there are security implications there (like if > the key could be somewhere on memory not protected or something like > that). Not really. If you are root, you can query the key anyways, see FAQ item "How do I recover the master key from a mapped LUKS container?". This is not a surprise or design defect. As root can access the whole memory (via /proc/kcore) the key cannot be hidden anyways. As to the key staying in memory from the piping, as far as I know that does not happen. I could be wrong though. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
