[dm-crypt] Option "validate passphrase" for command cryptsetup

Milan Broz gmazyland at gmail.com
Tue Jun 19 18:14:00 CEST 2012


On 06/19/2012 05:04 PM, jonas wrote:

> if I'm not wrong, one difference between Louis' suggestion and the way 
> you implemented it is, that the former works with active devices, and 
> the latter doesn't, right?

No, it is exactly the same. It works even for active devices.
(Check for active device is later.)

> I like the idea of a --dry-run option which works for all commands, 
> just like a simulation mode. But as well I like the idea of a command 
> for key validation, which takes the same commandline options as 
> luksOpen, and simply verifies whether the given key (passphrase, 
> keyfile, whatever) is valid.

Well, universal --dry-run is nice idea but I am not going to implement it now.
(and I would perhaps do it differently - do everything as is except final
on-disk metadata update or in-kernel device change.)


Well, I have local commit renaming this luksOpen option to --test-passphrase.
If there are no other suggestions for today, I'll commit it.

Milan
(grumbling something about bikeshedding :-)


More information about the dm-crypt mailing list