[dm-crypt] two factor authentication with zuluCrypt
mbroz at redhat.com
Mon Oct 17 09:50:19 CEST 2011
On 10/17/2011 05:44 AM, .. ink .. wrote:
> I want to add the ability to create create and access volumes using
> two factors, a passphrase and a key file. What is the best way to
> achieve this?
> The simplest way to do it i can think of is to read the file and then
> append the passphrase at the beginning, in the middle or at the end
> of it.
> Will this be adequate? what is the best way to do this or is it a bad
I do not think this increases security but Arno already mentioned this.
You can check various wrappers (in Debian for example) and integrate
support for smardcards etc.
But I would better to see that GUI does not implement these things,
this should be separate code.
Btw there a lot of cleaning needed in your zulucrypt code.
It is not easy to package it - and without users in distros this make no sense.
For example your hardcoded "build" script should be replaced by qmake
(or whatever Qt world prefers today).
Another thing is loading of libcryptsetup through dlopen(). Not
only this will not work on other architectures (think /lib64) but
why you are doing this at all? There are versioned symbols,
you should link the program directly to library...
(Otherwise after upgrade in future this can do really bad things.)
There is great potential in some GUI similar to Truecrypt one
but your code is really not ready - don't you want better spent
time with cleaning the code?
More information about the dm-crypt