[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Typing LUKS passphrase only once and a possible solution
|
From: |
Thomas Albers |
|
Subject: |
Re: Typing LUKS passphrase only once and a possible solution |
|
Date: |
Wed, 07 Jul 2021 20:29:37 +0200 |
|
User-agent: |
mu4e 1.4.15; emacs 27.2 |
Hello Tobias,
Thank you for your answer.
>
> Well, so is a field to add crypsetup-specific command-line arguments.
>
> Abstracting this into meaningful field names like key-file is better
> from a readability point of view and allows implementation details
> like ‘we simply invoke cryptsetup’ to remain properly hidden from
> view.
>
> Because naturally, one day cryptsetup will be rewritten in Guile.
>
My idea was for this parameter to be also used for other mapping
devices. This assumes there is always an underlying program being used,
but if the final goal is to replace cryptsetup with scheme code, then
there isn't really a point to it.
>
> I think it could still be a plain string passed straight to
> cryptsetup, with the user responsible for its existence.
>
I am not really sure if a string would be the best solution though. The
key-file is a binary one. But you are right, there doesn't seem to be
much point in hiding the key-file. If someone has a program capable of
reading the file and getting it out of your computer, then there is
nothing stopping this person from accesing all of your files regardless
of encryption.
>
> You can force access to unexported symbols using (@@ (name of module)
> symbol). It's as recommended as it sounds. Nor can you rewrite parts
> of compiled procedures AFAIK.
>
This will come in handy while experimenting but it sounds like something
to be avoided, as it would be too dependant on the underlying code.
Regards,
Thomas Albers Raviola