[dm-crypt] Option "validate passphrase" for command cryptsetup
arno at wagner.name
Wed Jun 20 03:13:23 CEST 2012
Good discussion here, I like it!
I prefer --test-passphrase, as it does not have the
general ring of --dry-run. With --dry-run, people
would rightfully expect to be able to use it everywhere.
Just let me know what the final decision is and I will
add it to the man-page.
On Tue, Jun 19, 2012 at 06:14:00PM +0200, Milan Broz wrote:
> On 06/19/2012 05:04 PM, jonas wrote:
> > if I'm not wrong, one difference between Louis' suggestion and the way
> > you implemented it is, that the former works with active devices, and
> > the latter doesn't, right?
> No, it is exactly the same. It works even for active devices.
> (Check for active device is later.)
> > I like the idea of a --dry-run option which works for all commands,
> > just like a simulation mode. But as well I like the idea of a command
> > for key validation, which takes the same commandline options as
> > luksOpen, and simply verifies whether the given key (passphrase,
> > keyfile, whatever) is valid.
> Well, universal --dry-run is nice idea but I am not going to implement it now.
> (and I would perhaps do it differently - do everything as is except final
> on-disk metadata update or in-kernel device change.)
> Well, I have local commit renaming this luksOpen option to --test-passphrase.
> If there are no other suggestions for today, I'll commit it.
> (grumbling something about bikeshedding :-)
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
More information about the dm-crypt