From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=umO1=IU=saout.de=dm-crypt-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_20,
	FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A23D0C433DB
	for <dm-crypt@archiver.kernel.org>; Mon, 22 Mar 2021 17:00:51 +0000 (UTC)
Received: from mail.server123.net (mail.server123.net [78.46.64.186])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id DDEF06199E
	for <dm-crypt@archiver.kernel.org>; Mon, 22 Mar 2021 17:00:50 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DDEF06199E
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=telefonica.net
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=dm-crypt-bounces@saout.de
X-Virus-Scanned: amavisd-new at saout.de
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=86.109.101.172; helo=relayout04-q02.e.movistar.es; envelope-from=robin.listas@telefonica.net; receiver=<UNKNOWN> 
Received: from relayout04-q02.e.movistar.es (relayout04-q02.e.movistar.es [86.109.101.172])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.server123.net (Postfix) with ESMTPS
	for <dm-crypt@saout.de>; Mon, 22 Mar 2021 17:57:45 +0100 (CET)
Received: from relayout04-redir.e.movistar.es (relayout04-redir.e.movistar.es [86.109.101.204])
	by relayout04-out.e.movistar.es (Postfix) with ESMTP id 4F40zr2H3Cz1yWj
	for <dm-crypt@saout.de>; Mon, 22 Mar 2021 17:57:44 +0100 (CET)
Received: from Telcontar.valinor (23.red-79-158-162.dynamicip.rima-tde.net [79.158.162.23])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: robin.listas2@telefonica.net)
	by relayout04.e.movistar.es (Postfix) with ESMTPSA id 4F40zq3gBLz10Dk
	for <dm-crypt@saout.de>; Mon, 22 Mar 2021 17:57:43 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by Telcontar.valinor (Postfix) with ESMTP id 10CC73222D7
	for <dm-crypt@saout.de>; Mon, 22 Mar 2021 17:57:43 +0100 (CET)
X-Virus-Scanned: amavisd-new at valinor
Received: from Telcontar.valinor ([127.0.0.1])
	by localhost (telcontar.valinor [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id SjsrIzUqXn9i for <dm-crypt@saout.de>;
	Mon, 22 Mar 2021 17:57:42 +0100 (CET)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by Telcontar.valinor (Postfix) with ESMTP id 74B063222D6
	for <dm-crypt@saout.de>; Mon, 22 Mar 2021 17:57:42 +0100 (CET)
To: dm-crypt mail list <dm-crypt@saout.de>
References: <CAA2KLbZz-GMUrhzdWwsXdU3M7agw7HOV5_eo6dW26joMB4hKtQ@mail.gmail.com>
 <fe483009-b0fe-1b5a-5a3c-36039f904ac0@telefonica.net>
 <CAA2KLbbt2inBrS0BJF-8vzp_J3hdbaCpzR-XvA+792Kic2CNMA@mail.gmail.com>
From: "Carlos E. R." <robin.listas@telefonica.net>
Message-ID: <0635f77e-306d-f0ab-cabc-d32803136530@telefonica.net>
Date: Mon, 22 Mar 2021 17:57:42 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.8.0
MIME-Version: 1.0
In-Reply-To: <CAA2KLbbt2inBrS0BJF-8vzp_J3hdbaCpzR-XvA+792Kic2CNMA@mail.gmail.com>
X-TnetOut-Country: IP: 79.158.162.23 | Country: ES
X-TnetOut-Information: AntiSPAM and AntiVIRUS on relayout04
X-TnetOut-MsgID: 4F40zq3gBLz10Dk.AAD7B
X-TnetOut-SpamCheck: no es spam (whitelisted), clean
X-TnetOut-From: robin.listas@telefonica.net
X-TnetOut-Watermark: 1617037064.1564@SCg3GUg8HcDARD3ov2CKPA
Message-ID-Hash: 743HCI56FCCJDG3SM46KX2YLE4OTXOH2
X-Message-ID-Hash: 743HCI56FCCJDG3SM46KX2YLE4OTXOH2
X-MailFrom: robin.listas@telefonica.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dm-crypt.saout.de-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header
X-Mailman-Version: 3.3.2
Precedence: list
Subject: [dm-crypt] Re: Is crypttab secure to automount a partition?
List-Id: <dm-crypt.saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Post: <mailto:dm-crypt@saout.de>
List-Subscribe: <mailto:dm-crypt-join@saout.de>
List-Unsubscribe: <mailto:dm-crypt-leave@saout.de>
Content-Type: multipart/mixed; boundary="===============1192453516116957744=="

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1192453516116957744==
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="ZqzWVR4vmRTEivTPZP1BmpUo9v1dVcXh7"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ZqzWVR4vmRTEivTPZP1BmpUo9v1dVcXh7
Content-Type: multipart/mixed; boundary="YCCZHTP3uUefaaOMD3VOgaYaKKghYE3kx";
 protected-headers="v1"
From: "Carlos E. R." <robin.listas@telefonica.net>
To: dm-crypt mail list <dm-crypt@saout.de>
Message-ID: <0635f77e-306d-f0ab-cabc-d32803136530@telefonica.net>
Subject: Re: [dm-crypt] Re: Is crypttab secure to automount a partition?
References: <CAA2KLbZz-GMUrhzdWwsXdU3M7agw7HOV5_eo6dW26joMB4hKtQ@mail.gmail.com>
 <fe483009-b0fe-1b5a-5a3c-36039f904ac0@telefonica.net>
 <CAA2KLbbt2inBrS0BJF-8vzp_J3hdbaCpzR-XvA+792Kic2CNMA@mail.gmail.com>
In-Reply-To: <CAA2KLbbt2inBrS0BJF-8vzp_J3hdbaCpzR-XvA+792Kic2CNMA@mail.gmail.com>

--YCCZHTP3uUefaaOMD3VOgaYaKKghYE3kx
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

On 22/03/2021 17.06, Christopher de Vidal wrote:
> That's very cool. But I get the impression from your response that ther=
e=20
> is no way to automount securely? E.g. at least one password entry is=20
> always required.

I don't see how... If you get automount working, it has to get/read the=20
key from somewhere that is accessible before mounting, and automatically.=


Maybe it could be a challenge-response questionnaire to a remote server, =

say an ssh session, and it is the remote server which sends the key. But =

if an attacker is present, he could replace the machine or the ssh=20
client with another of his own to obtain and store the key.




--=20
Cheers / Saludos,

		Carlos E. R.
		(from 15.2 x86_64 at Telcontar)


--YCCZHTP3uUefaaOMD3VOgaYaKKghYE3kx--

--ZqzWVR4vmRTEivTPZP1BmpUo9v1dVcXh7
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wmMEABEIACMWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCYFjMhgUDAAAAAAAKCRC1MxgcbY1H1a+6
AJ9luiOM1l1r8FQzPkVANoSPdv/4mACdHeQiDsa4T3l3E3r3V4A+/PhBSdk=
=Ooo/
-----END PGP SIGNATURE-----

--ZqzWVR4vmRTEivTPZP1BmpUo9v1dVcXh7--

--===============1192453516116957744==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de

--===============1192453516116957744==--