From: Milan Broz <mbroz@redhat.com>
To: ".. ink .." <mhogomchungu@gmail.com>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] two factor authentication with zuluCrypt
Date: Mon, 17 Oct 2011 09:50:19 +0200
Message-ID: <4E9BDE3B.4090303@redhat.com>
In-Reply-To: <CAFnMBaTrcAt0LKafH27d32a3MknOLEi2n8_MSWfYVZ=psG8+-w@mail.gmail.com>

On 10/17/2011 05:44 AM, .. ink .. wrote:
> 
> I want to add the ability to create and access volumes using
> two factors, a passphrase and a key file. What is the best way to
> achieve this?
> 
> The simplest way to do it I can think of is to read the file and then
> append the passphrase at the beginning, in the middle or at the end
> of it.
> 
> Will this be adequate? What is the best way to do this, or is it a bad
> idea?

I do not think this increases security, but Arno already mentioned this.
You can check various wrappers (in Debian for example) and integrate
support for smartcards etc.

But I would prefer to see that the GUI does not implement these things;
this should be separate code.

Milan
p.s.

Btw, there is a lot of cleaning needed in your zulucrypt code.
It is not easy to package it - and without users in distros this makes no sense.

For example, your hardcoded "build" script should be replaced by qmake
(or whatever the Qt world prefers today).

Another thing is the loading of libcryptsetup through dlopen(). Not
only will this not work on other architectures (think /lib64), but
why are you doing this at all? There are versioned symbols;
you should link the program directly to the library...
(Otherwise, after an upgrade in the future, this can do really bad things.)

...

There is great potential in some GUI similar to the Truecrypt one,
but your code is really not ready - wouldn't you rather spend the
time cleaning the code?
