[arch-projects] [initscripts] next release
Thomas Bächler
thomas at archlinux.org
Mon Nov 7 04:32:10 EST 2011
Am 06.11.2011 01:18, schrieb Heiko Baums:
>>> When automatically opening volumes, you are not supposed to use
>>> passphrases, but keyfiles.
>>
>> Yeah, I think I'll add a warning when a passphrase is used. Having
>> looked through it, that should take care of most of my gripes.
>
> Having passphrases in an unencrypted text file on the harddisk
> like /etc/crypttab is certainly not the best method. But only offering
> key files is insufficient.
Nobody talked about removing the "ASK" mode.
However, there are problems with parsing passphrases inside crypttab. If
you put your passphrase into a separate file, make sure the file has no
trailing newline and use that as a keyfile, cryptsetup will treat it as
if you entered the passphrase manually. That way, we could phase out
passphrase support in favor of keyfiles. (See 'man cryptsetup' for
details on the differences between passphrase and keyfile handling)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-projects/attachments/20111107/8efaeb59/attachment.asc>
More information about the arch-projects
mailing list