[dm-crypt] Option "validate passphrase" for command cryptsetup

jonas jonas at freesources.org
Tue Jun 19 17:04:24 CEST 2012


Hello,

Am 19.06.2012 13:26, schrieb Milan Broz:
> On 06/19/2012 12:53 PM, Louis wrote:
>> 	Hello,
>> 	for information, I wrote a small C program to check if the given
>> passphrase is correct, without doing anything on the disk. The 
>> command
>> is used this way:
>
>> 	If you think it can benefit cryptsetup, I offer to write the 
>> necessary
>> patch to include it to cryptsetup (as a "luksValidateKey" LUKS 
>> action).
>
> Special program or command is IMHO overkill, isn't enough just to add 
> option
> to cryptsetup luksOpen (--dry-run, --no-activate, whatever you 
> prefer)?

if I'm not wrong, one difference between Louis' suggestion and the way 
you implemented it is, that the former works with active devices, and 
the latter doesn't, right?

I like the idea of a --dry-run option which works for all commands, 
just like a simulation mode. But as well I like the idea of a command 
for key validation, which takes the same commandline options as 
luksOpen, and simply verifies whether the given key (passphrase, 
keyfile, whatever) is valid.

Regards,
  jonas




More information about the dm-crypt mailing list