| 1 |
Alle 13:53, domenica 31 luglio 2005, Alexander Skwar ha scritto: |
| 2 |
> |
| 3 |
> How? |
| 4 |
> |
| 5 |
> /bin/crypsetup < file-with-passphrase |
| 6 |
> |
| 7 |
> Where does the attacker see the passphrase? |
| 8 |
> |
| 9 |
> Oh. You took my example way too literally. *echo*ing the password |
| 10 |
> is an extremely bad idea. You're of course right. But in reality |
| 11 |
> I of course don't do that. Further, I said, that the password can |
| 12 |
> be piped to cryptsetup. |
| 13 |
|
| 14 |
I did it: |
| 15 |
I wrote in /etc/con.d/local.start: |
| 16 |
echo |
| 17 |
ebegin "Loading Shared device" |
| 18 |
/root/cshared.sh |
| 19 |
eend $? "Failed to load Shared device" |
| 20 |
and the script cshared.sh is: |
| 21 |
|
| 22 |
#!/bin/bash |
| 23 |
/bin/cryptsetup -h ripemd160 -c aes create disc_hda /dev/hda3 |
| 24 |
/bin/mount /shared |
| 25 |
|
| 26 |
In the boot, the system stops at the local init service and wait your |
| 27 |
password, just press enter and the system continues to boot! |
| 28 |
Luigi |
| 29 |
-- |
| 30 |
Public key GPG(0x073A0960) on http://keyserver.linux.it/ |
Archives