-p with GELI

Christian Baer christian.baer at informatik.uni-dortmund.de
Wed Feb 8 14:01:38 PST 2006


On Wed, 8 Feb 2006 21:18:53 +0100 Pawel Jakub Dawidek wrote:

> The '-p' option in gbde(8) is actually only for debug purposes, as other
> users can see it in ps(1) output (if not configured otherwise) and the
> passphrase will be logged via audit mechanism which is currently merged
> to the tree.

Oops! Doesn't sound too productive if security is an issue. :-)

> What you want to use is '-k' option.
> If you really know what you're doing you can do something like this:

Hmm, I thought the keyfile and the passphrase were treated differently.
Does that mean they are exchangeable, i.e. if I init the provider with a
passphrase I can attach it with a keyfile of the same content as the
passphrase?

> I suggest not to use the same passphrase for all providers.
> You can always do something like:
>
> pass_da0=`echo "0${passphrase}0" | sha256`
> pass_da1=`echo "1${passphrase}1" | sha256`
> pass_da2=`echo "2${passphrase}2" | sha256`

For that to be of any real good[1], the script would have to be on an
encrypted provider - preferably with a *completely* different passphrase
(and as a result a completely different key) itself. But if the attacker
can analyse this script, then brute forcing the ${passphrase} will grant
access to all providers.

Or am I missing the point here completely?

Regards
Chris

[1] I assume you are trying to prevent that if a brute force attack at
the passphrase works for ad0, the attacker will have the passphrase for
the other providers too.
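The per-provider derivation quoted above, reproduced as an added example (not code from this thread or from gbde/geli) so its behaviour can be checked offline. It assumes a base passphrase and provider indices of your own; the one practical detail it makes explicit is that echo(1) appends a newline before sha256(1) sees the data, so the derived value only matches the shell script if that newline is included, and that a derived passphrase written to a keyfile for '-k' should not be world-readable.

```python
import hashlib
import os

# Added example: mirrors the quoted pipeline
#   pass_daN=`echo "N${passphrase}N" | sha256`
# in Python. Not part of the original mail or of gbde/geli.


def derive_passphrase(base: str, index: int, echo_newline: bool = True) -> str:
    """Hex sha256 of "<index><base><index>", as the quoted script computes it.

    echo(1) terminates its output with a newline, so the shell version hashes
    "0secret0\\n", not "0secret0". echo_newline=True reproduces that; recomputing
    with printf or echo -n would yield a different passphrase and fail to attach.
    """
    data = f"{index}{base}{index}"
    if echo_newline:
        data += "\n"
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def derive_all(base: str, count: int) -> dict:
    """One derived passphrase per provider index 0..count-1.

    Every entry is a pure function of `base`: whoever knows this derivation and
    recovers `base` obtains all of them, which is the point made in the thread.
    """
    return {i: derive_passphrase(base, i) for i in range(count)}


def write_keyfile(path: str, passphrase: str) -> str:
    """Store a derived passphrase in a keyfile (for '-k' rather than '-p', which
    exposes the value in ps(1) output). Created with mode 0600 so only the owner
    can read it; returns the path."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(passphrase)
    return path


if __name__ == "__main__":
    # Constructed sample base passphrase, not a real one.
    for idx, derived in derive_all("example-base-passphrase", 3).items():
        print(f"da{idx}: {derived}")
```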



More information about the freebsd-geom mailing list