Re: PATCH 2/2: external hashing program use in losetup
On Wed, 2003-08-06 at 04:00, Ben Slusky wrote:
> Ok, this time for sure.
>
> To recap, since linux-crypto seems to have dropped the other email due to
> its size, this patch allows losetup and mount to use an external program
> to hash the password. The program is specified using the -P option to
> losetup or mount, like so:
>
> losetup -e aes-cbc-128 -P sha256prog /dev/loop/10 /home/sluskyb/testloop
> or
> mount -o loop,encryption=aes-cbc-128 -P sha256prog /home/sluskyb/testloop /mnt/testloop

this looks a bit inconsistent, since the encryption algorithm is passed
as -o option, while the hashing filter is passed completely different;

one might really want to be able to specify the passphrase acquiring
plugin as fstab-option, in order to allow unattended automatic mounting
of fs volumes -- i.e. think of some executable/script that gathers the
passphrase from some removable media, that has to be inserted into the
system at boot-up time (e.g. smartcard, or even a plain old floppy disk)

one might also want to be able to specify some options to pass to the
passphrase-acquiral executable; that way one doesn't have to install a
dozen small binaries (or symlinks to the same one, and having to
discriminate on argv[0]), just have slightly different behaviours

so the mount line above might look something like:

mount -o loop,encryption=aes-cbc-128,key_exec=/sbin/get_and_hash_passphrase,key_args=sha256 /home/sluskyb/testloop /mnt/testloop

one could prepend some default arguments before the user-defined ones,
such as mountpoint, selected encryption algo/params (in order to allow
for more control about how to fill (or pad remaining) keybits)

any comments?

regards,
--
Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840
Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key
GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
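
One way a mount helper could turn the `key_exec`/`key_args` options proposed in the message above into an argument vector with the default arguments prepended, shown on the option string from that mount line. This is an added example, not code from the message or the patch. The function names `get_opt` and `build_key_argv`, the argument order, the absolute-path requirement and passing `key_args` as a single unsplit argument are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Copy the value of `key` from a comma-separated -o string; 1 if found. */
static int get_opt(const char *opts, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    for (const char *p = opts; p && *p; ) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > klen && p[klen] == '=' && strncmp(p, key, klen) == 0) {
            size_t vlen = len - klen - 1;
            if (vlen >= outlen) return 0;   /* too long: treat as absent */
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return 1;
        }
        p = end ? end + 1 : NULL;
    }
    return 0;
}

/* Build the helper's argv: path, default arguments (mountpoint, cipher), then
 * key_args. NULL unless key_exec is an absolute path. Static storage. */
static const char **build_key_argv(const char *opts, const char *mountpoint)
{
    static char exec[256], cipher[256], args[256];
    static const char *argv[5];
    int n = 0;
    if (!get_opt(opts, "key_exec", exec, sizeof exec) || exec[0] != '/')
        return NULL;                  /* assumption: no PATH search */
    argv[n++] = exec;
    argv[n++] = mountpoint;
    argv[n++] = get_opt(opts, "encryption", cipher, sizeof cipher) ? cipher : "";
    if (get_opt(opts, "key_args", args, sizeof args) && args[0])
        argv[n++] = args;             /* one argument, never shell-split */
    argv[n] = NULL;
    return argv;
}

int main(void)
{
    const char *opts = "loop,encryption=aes-cbc-128,"
                       "key_exec=/sbin/get_and_hash_passphrase,key_args=sha256";
    const char **argv = build_key_argv(opts, "/mnt/testloop");
    for (int i = 0; argv && argv[i]; i++)
        printf("argv[%d] = %s\n", i, argv[i]);
    return argv ? 0 : 1;
}
```

A caller would hand this vector to `execv()` in a forked child, so the fstab-supplied strings never pass through a shell.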