From: Fruhwirth Clemens <clemens@endorphin.org>
To: Christopher Warner <chris@servertogo.com>
Cc: Matt Mackall <mpm@selenic.com>,
Christophe Saout <christophe@saout.de>,
christopher@kernelcode.com,
linux-kernel <linux-kernel@vger.kernel.org>,
dm-crypt@saout.de, Alasdair G Kergon <agk@redhat.com>
Subject: Re: dm-crypt crypt_status reports key?
Date: Thu, 03 Feb 2005 16:17:16 +0100
Message-ID: <1107443836.15236.65.camel@ghanima>
In-Reply-To: <1107425749.9294.56.camel@linux-cw>
On Thu, 2005-02-03 at 05:15 -0500, Christopher Warner wrote:
> On Thu, 2005-02-03 at 15:18 +0100, Fruhwirth Clemens wrote:
> >
> > Keys are handed to dm-crypt regularly the first time. But when dm-crypt
> > hands keys back to user space, it uses some sort of blinding to make the
> > keys meaningless for user space.
> I've been following this thread and I'm clearly at a loss as to how any
> of this will prevent someone from writing a util to get the key?
This is not about trying to hide something which cannot be hidden.
See http://lkml.org/lkml/2005/2/2/256 . It's about a design that can
cope with unintentional program/user errors. Think of it as a trigger
safety.
--
Fruhwirth Clemens <clemens@endorphin.org> http://clemens.endorphin.org