From: Martin Olsson <martinolsson311@yahoo.com>
To: "Michael Kjörling" <152cc69a347e@ewoof.net>
Cc: cryptsetup@lists.linux.dev
Subject: Re: Password hash as LUKS key
Date: Mon, 20 Mar 2023 18:06:42 +0100 [thread overview]
Message-ID: <20230320170642.dscsp2nlqos55cpk@debian64.Core> (raw)
In-Reply-To: <06e718ed-b377-4b8d-b1f1-31abd40a4dc7@home.arpa>
On Wed, Mar 15, 2023 at 08:35:05PM +0000, Michael Kj�rling wrote:
> Aside from that already mentioned by Grzegorz Szymaszek, a more
> general question: what leads you to believe that you can give the
> output from mkpasswd (which at least on Debian is provided by the
> "whois" package) to cryptsetup (provided by the "cryptsetup-bin"
> package) and have the mkpasswd output be recognized by cryptsetup as
> being somehow special?
> A quick web search for the two didn't reveal anything obvious
> connecting the two; and the cryptsetup man page does not mention
> mkpasswd.
Oh, I was pretty certain that it wasn't going to work since like you
said it isn't documented anywhere. So I just assumed it wasn't supported
but then Arno replied:
>In priciple,
>this works and is supported, but interactive, pipe and
>read-from-file are all a bit different.
So I decided to give it another try. But I'm pretty sure now that Arno
misunderstood what I wanted to accomplish.
I want to encrypt the password before piping it to cryptsetup.
mkpasswd was just an example of that operation. You can also use python
for example:
python3 -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))
But as you pointed out there is nothing in cryptsetup that recognizes
the encrypted string as anything other than a normal password. I was
hoping there was an option somewhere that I could add as an argument
to my cryptsetup command.
As there is no such option I am wondering if there is another solution
to my use case:
"I want to encrypt a drive for a user and I don't want the user to send me
their password in clear text."
next prev parent reply other threads:[~2023-03-20 17:06 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1738775229.2387123.1678372528163.ref@mail.yahoo.com>
2023-03-09 14:35 ` Password hash as LUKS key Martin Olsson
2023-03-10 1:19 ` Arno Wagner
2023-03-15 15:11 ` Martin Olsson
2023-03-15 16:24 ` Grzegorz Szymaszek
2023-03-15 20:35 ` Michael Kjörling
2023-03-20 17:06 ` Martin Olsson [this message]
2023-03-20 18:53 ` Arno Wagner
2023-03-20 20:38 ` Michael Kjörling
2023-03-21 17:52 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230320170642.dscsp2nlqos55cpk@debian64.Core \
--to=martinolsson311@yahoo.com \
--cc=152cc69a347e@ewoof.net \
--cc=cryptsetup@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.