[dm-crypt] Option "validate passphrase" for command cryptsetup

Arno Wagner arno at wagner.name
Wed Jun 20 03:13:23 CEST 2012


Good discussion here, I like it! 

I prefer --test-passphrase, as it does not have the
general ring of --dry-run. With --dry-run, people
would rightfully expect to be able to use it everywhere.

Just let me know what the final decision is and I will
add it to the man-page.

Arno

On Tue, Jun 19, 2012 at 06:14:00PM +0200, Milan Broz wrote:
> On 06/19/2012 05:04 PM, jonas wrote:
> 
> > if I'm not wrong, one difference between Louis' suggestion and the way 
> > you implemented it is, that the former works with active devices, and 
> > the latter doesn't, right?
> 
> No, it is exactly the same. It works even for active devices.
> (Check for active device is later.)
> 
> > I like the idea of a --dry-run option which works for all commands, 
> > just like a simulation mode. But as well I like the idea of a command 
> > for key validation, which takes the same commandline options as 
> > luksOpen, and simply verifies whether the given key (passphrase, 
> > keyfile, whatever) is valid.
> 
> Well, universal --dry-run is nice idea but I am not going to implement it now.
> (and I would perhaps do it differently - do everything as is except final
> on-disk metadata update or in-kernel device change.)
> 
> 
> Well, I have local commit renaming this luksOpen option to --test-passphrase.
> If there are no other suggestions for today, I'll commit it.
> 
> Milan
> (grumbling something about bikeshedding :-)
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


More information about the dm-crypt mailing list