1 |
Alle 13:53, domenica 31 luglio 2005, Alexander Skwar ha scritto: |
2 |
> |
3 |
> How? |
4 |
> |
5 |
> /bin/crypsetup < file-with-passphrase |
6 |
> |
7 |
> Where does the attacker see the passphrase? |
8 |
> |
9 |
> Oh. You took my example way too literally. *echo*ing the password |
10 |
> is an extremely bad idea. You're of course right. But in reality |
11 |
> I of course don't do that. Further, I said, that the password can |
12 |
> be piped to cryptsetup. |
13 |
|
14 |
I did it: |
15 |
I wrote in /etc/con.d/local.start: |
16 |
echo |
17 |
ebegin "Loading Shared device" |
18 |
/root/cshared.sh |
19 |
eend $? "Failed to load Shared device" |
20 |
and the script cshared.sh is: |
21 |
|
22 |
#!/bin/bash |
23 |
/bin/cryptsetup -h ripemd160 -c aes create disc_hda /dev/hda3 |
24 |
/bin/mount /shared |
25 |
|
26 |
In the boot, the system stops at the local init service and wait your |
27 |
password, just press enter and the system continues to boot! |
28 |
Luigi |
29 |
-- |
30 |
Public key GPG(0x073A0960) on http://keyserver.linux.it/ |