[prev in list] [next in list] [prev in thread] [next in thread]
List: dm-crypt
Subject: Re: [dm-crypt] passfrase or dev_random for keyfile of a dmcrypt_swap
From: Jonas Meurer <jonas () freesources ! org>
Date: 2010-04-21 9:06:58
Message-ID: 20100421090658.GA4871 () resivo ! wgnet ! de
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On 21/04/2010 Heinz Diehl wrote:
> On 20.04.2010, Si St wrote:
>
> > To Heinz: Would not a pre-generated keyfile need to be opened by a passfrase?
>
> No, the keyfile itself is the "passphrase". I'm not talking about the
> master key here, what I mean is something like
>
> dd if=/dev/urandom of=keyfile bs=64 count=1
> cryptsetup luksFormat /dev/sdx /path/to/keyfile
>
> You could now e.g. do something like
>
> swap /dev/sdx /path/to/keyfile swap
>
> in your crypttab, save the keyfile somewhere on the encrypted root
> partition and open the swapspace using a bootscript after your root partition
> has been mapped. You could then backup the keyfile in a safe place and use
> it to map the swap partition manually if desired (in the scenario you
> described).
it should be noted that this setup is unsafe without encrypted root
partition.
greetings,
jonas
["signature.asc" (application/pgp-signature)]
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic