Pipes password from kdialog to geli attach
Pawel Jakub Dawidek
pjd at FreeBSD.org
Sun Sep 23 08:26:46 PDT 2007
On Sat, Sep 22, 2007 at 10:56:17PM +0600, yarodin wrote:
> init:
> password=`kdialog --password "Enter the password"`
> echo $password|sha256|geli init -s 4096 -P -K - /dev/ad0s1e
>
> atach:
> password=`kdialog --password "Enter the password"`
> echo $password|sha256|geli attach -p -k - /dev/ad0s1e
>
> Is it very unsecure? May be a better method exists?
It depends. Most (if not all) shells have echo command built-in, so
noone will see 'echo <password>' in ps(1) output, although, maybe simply
do:
kdialog --password "Enter the password" | geli attach -p -k - /dev/ad0s1e
?
BTW. sha256 is not needed.
Also, as it was mentioned, keyfiles are not preprocessed by PKCS#5v2,
but this is a good example why it's worth adding such functionality.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-geom/attachments/20070923/e56825fc/attachment.pgp
More information about the freebsd-geom
mailing list