[dm-crypt] Option "validate passphrase" for command cryptsetup

jonas jonas at freesources.org
Tue Jun 19 17:04:24 CEST 2012


Am 19.06.2012 13:26, schrieb Milan Broz:
> On 06/19/2012 12:53 PM, Louis wrote:
>> 	Hello,
>> 	for information, I wrote a small C program to check if the given
>> passphrase is correct, without doing anything on the disk. The 
>> command
>> is used this way:
>> 	If you think it can benefit cryptsetup, I offer to write the 
>> necessary
>> patch to include it to cryptsetup (as a "luksValidateKey" LUKS 
>> action).
> Special program or command is IMHO overkill, isn't enough just to add 
> option
> to cryptsetup luksOpen (--dry-run, --no-activate, whatever you 
> prefer)?

if I'm not wrong, one difference between Louis' suggestion and the way 
you implemented it is, that the former works with active devices, and 
the latter doesn't, right?

I like the idea of a --dry-run option which works for all commands, 
just like a simulation mode. But as well I like the idea of a command 
for key validation, which takes the same commandline options as 
luksOpen, and simply verifies whether the given key (passphrase, 
keyfile, whatever) is valid.


More information about the dm-crypt mailing list