On 06.11.2011 01:18, Heiko Baums wrote:
When automatically opening volumes, you are not supposed to use passphrases, but keyfiles.
Yeah, I think I'll add a warning when a passphrase is used. Having looked through it, that should take care of most of my gripes.
Having passphrases in an unencrypted text file on the hard disk like /etc/crypttab is certainly not the best method. But only offering key files is insufficient.
Nobody talked about removing the "ASK" mode. However, there are problems with parsing passphrases inside crypttab. If you put your passphrase into a separate file, make sure the file has no trailing newline, and use that as a keyfile, cryptsetup will treat it as if you entered the passphrase manually. That way, we could phase out passphrase support in favor of keyfiles. (See 'man cryptsetup' for details on the differences between passphrase and keyfile handling.)
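
The following is an added example, not part of the original e-mail or of any project's code: it writes a passphrase to a keyfile without a trailing newline, as the message recommends, and audits a crypttab for inline passphrases and newline-terminated keyfiles. The function names, the assumed field layout (`name device password [options]`, with a password field starting with `/` treated as a keyfile path) and the extra permission check are assumptions of this example.

```shell
#!/bin/sh
# make_keyfile PATH: read one line from stdin and store it WITHOUT the
# trailing newline, readable by the owner only.
make_keyfile() {
    ( umask 077
      IFS= read -r pass || [ -n "$pass" ]
      printf '%s' "$pass" > "$1" )
}

# audit_crypttab FILE: classify the password field of every entry.
# Assumed layout: "name device password [options]", '#' starts a comment.
# "ASK" means prompt at boot; anything that is neither "ASK" nor a path
# is treated as an inline passphrase. The secret itself is never printed.
audit_crypttab() {
    bad=0
    while read -r name device password options || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac
        case "$password" in
            ASK|'')
                echo "$name: ok (prompt)" ;;
            /*)
                if [ ! -f "$password" ]; then
                    echo "$name: WARN keyfile missing"; bad=1
                elif [ -n "$(find "$password" -prune -perm -004)" ]; then
                    echo "$name: WARN keyfile is world-readable"; bad=1
                elif [ "$(tail -c 1 "$password" | od -An -tx1 | tr -d ' \n')" = "0a" ]; then
                    # A newline at the end of a keyfile is part of the key,
                    # so it no longer matches the typed passphrase.
                    echo "$name: WARN keyfile ends with newline"; bad=1
                else
                    echo "$name: ok (keyfile)"
                fi ;;
            *)
                echo "$name: WARN inline passphrase"; bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}
```

`audit_crypttab /etc/crypttab` returns non-zero when any entry is flagged, so it can gate a boot-script or package-upgrade check.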