[dm-crypt] Option "validate passphrase" for command cryptsetup

Jonas Meurer jonas at freesources.org
Tue Jun 19 18:46:18 CEST 2012


Hey Milan,

Am 19.06.2012 18:14, schrieb Milan Broz:
> On 06/19/2012 05:04 PM, jonas wrote:
> 
>> if I'm not wrong, one difference between Louis' suggestion and the way 
>> you implemented it is, that the former works with active devices, and 
>> the latter doesn't, right?
> 
> No, it is exactly the same. It works even for active devices.
> (Check for active device is later.)

great to hear that I was wrong ;)

>> I like the idea of a --dry-run option which works for all commands, 
>> just like a simulation mode. But as well I like the idea of a command 
>> for key validation, which takes the same commandline options as 
>> luksOpen, and simply verifies whether the given key (passphrase, 
>> keyfile, whatever) is valid.
> 
> Well, universal --dry-run is nice idea but I am not going to implement it now.
> (and I would perhaps do it differently - do everything as is except final
> on-disk metadata update or in-kernel device change.)

Now that my concerns above are proved wrong I don't consider support for
global --dry-run option that important anymore.

> Well, I have local commit renaming this luksOpen option to --test-passphrase.
> If there are no other suggestions for today, I'll commit it.
> 
> Milan
> (grumbling something about bikeshedding :-)

To make it even worse: I don't consider --test-passphrase a good name
for the option. But I don't care that much about names either.

Regards,
 jonas



More information about the dm-crypt mailing list