From: "Carlos E. R." <robin.listas@telefonica.net>
To: dm-crypt mail list <dm-crypt@saout.de>
Subject: [dm-crypt] Re: Is crypttab secure to automount a partition?
Date: Mon, 22 Mar 2021 17:57:42 +0100
Message-ID: <0635f77e-306d-f0ab-cabc-d32803136530@telefonica.net>
In-Reply-To: <CAA2KLbbt2inBrS0BJF-8vzp_J3hdbaCpzR-XvA+792Kic2CNMA@mail.gmail.com>
On 22/03/2021 17.06, Christopher de Vidal wrote:
> That's very cool. But I get the impression from your response that there
> is no way to automount securely? E.g. at least one password entry is
> always required.
I don't see how... If you get automount working, it has to get/read the
key from somewhere that is accessible before mounting, and automatically.
Maybe it could be a challenge-response questionnaire to a remote server,
say an ssh session, and it is the remote server which sends the key. But
if an attacker is present, he could replace the machine or the ssh
client with another of his own to obtain and store the key.
--
Cheers / Saludos,
Carlos E. R.
(from 15.2 x86_64 at Telcontar)