[pkg-cryptsetup-devel] try same password on multiple disks

Jonas Meurer jonas at freesources.org
Thu Feb 19 01:19:45 UTC 2009


Hey Ross,

On 17/02/2009 Ross Boylan wrote:
> Is there a way to get the system to retry the previous pass-phrase if
> there are multiple encrypted partitions?  I set up a system with several
> encrypted partitions, using the same pass-phrase for each, in the hopes
> this would just work.  It didn't; I had to enter the phrase separately
> for each disk.

In short: no, this is not supported. And it will not be in the future due to
security implications.
You can either write your own keyscripts or wrappers which read the
passphrase once and give it to cryptsetup several times, or you use
the provided decrypt_derived keyscript to extract keys for the second,
third, etc. encrypted devices from the first one.

> Can anyone tell me if I'm on the right track, or offer any pointers?
> Are there security implications of saving the previous response in a
> variable?  (I have encrypted swap).

It might be possible to do this in a secure way (and encrypted swap is
one requirement). But as said above, it's not possible to provide a
default setup with this functionality in a secure manner.

greetings,
 jonas
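
A sketch of the "read the passphrase once and give it to cryptsetup several times" wrapper mentioned in the reply, as an added example that is not part of the original message or of the cryptsetup package. The device paths, mapping names and the CRYPTSETUP override are assumptions; the passphrase stays in the shell's memory while the script runs, which is why the reply names encrypted swap as a requirement.

```sh
#!/bin/sh
# Added example: prompt once, unlock several LUKS devices with one passphrase.
# Usage (hypothetical devices/names):
#   unlock-all.sh /dev/sdb1:crypt_b /dev/sdc1:crypt_c
# CRYPTSETUP can be overridden, e.g. to point at a stub when testing.
CRYPTSETUP="${CRYPTSETUP:-cryptsetup}"

# Read the passphrase from the terminal into $PASS without echoing it.
# PASS is a plain shell variable: never exported, never put on a command line.
read_passphrase() {
    printf 'Passphrase: ' >&2
    trap 'stty echo 2>/dev/null; exit 1' INT TERM   # restore echo on abort
    stty -echo 2>/dev/null
    IFS= read -r PASS
    stty echo 2>/dev/null
    trap - INT TERM
    printf '\n' >&2
}

# unlock_all DEVICE:NAME...  Feeds $PASS to cryptsetup on stdin for each pair.
# Returns 0 only if every device was opened.
unlock_all() {
    failed=0
    for pair in "$@"; do
        dev="${pair%:*}"      # everything before the last colon
        name="${pair##*:}"    # mapping name after the last colon
        # printf is a builtin in bash and dash, so the passphrase never shows
        # up in another process's argv. With --key-file=- cryptsetup reads
        # stdin to EOF, so no trailing newline is sent.
        if ! printf '%s' "$PASS" |
            "$CRYPTSETUP" luksOpen --key-file=- "$dev" "$name"; then
            echo "failed to open $dev" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Run only when devices are given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    read_passphrase
    unlock_all "$@"
    status=$?
    unset PASS               # drop the passphrase as soon as it is not needed
    exit "$status"
fi
```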


