From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jonas@freesources.org>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id hsIKgtSjRECi for <dm-crypt@saout.de>;
 Tue, 19 Jun 2012 18:46:21 +0200 (CEST)
Received: from mail01.freesources.org (mail01.freesources.org [80.237.252.149])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Tue, 19 Jun 2012 18:46:21 +0200 (CEST)
Received: from ip-94-79-161-2.unitymediagroup.de ([94.79.161.2]
 helo=[192.168.0.110])
 by mail01.freesources.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.69) (envelope-from <jonas@freesources.org>)
 id 1Sh1ZL-0005Vg-EG
 for dm-crypt@saout.de; Tue, 19 Jun 2012 16:46:21 +0000
Message-ID: <4FE0ACDA.8040302@freesources.org>
Date: Tue, 19 Jun 2012 18:46:18 +0200
From: Jonas Meurer <jonas@freesources.org>
MIME-Version: 1.0
References: <4FE05A32.9010402@gresille.org> <4FE061DE.5080200@gmail.com>
 <55fcb858bc6943ac636a50cf12706871@imap.freesources.org>
 <4FE0A548.7030007@gmail.com>
In-Reply-To: <4FE0A548.7030007@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Option "validate passphrase" for command cryptsetup
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Hey Milan,

Am 19.06.2012 18:14, schrieb Milan Broz:
> On 06/19/2012 05:04 PM, jonas wrote:
> 
>> if I'm not wrong, one difference between Louis' suggestion and the way 
>> you implemented it is, that the former works with active devices, and 
>> the latter doesn't, right?
> 
> No, it is exactly the same. It works even for active devices.
> (Check for active device is later.)

great to hear that I was wrong ;)

>> I like the idea of a --dry-run option which works for all commands, 
>> just like a simulation mode. But as well I like the idea of a command 
>> for key validation, which takes the same commandline options as 
>> luksOpen, and simply verifies whether the given key (passphrase, 
>> keyfile, whatever) is valid.
> 
> Well, universal --dry-run is nice idea but I am not going to implement it now.
> (and I would perhaps do it differently - do everything as is except final
> on-disk metadata update or in-kernel device change.)

Now that my concerns above are proved wrong I don't consider support for
global --dry-run option that important anymore.

> Well, I have local commit renaming this luksOpen option to --test-passphrase.
> If there are no other suggestions for today, I'll commit it.
> 
> Milan
> (grumbling something about bikeshedding :-)

To make it even worse: I don't consider --test-passphrase a good name
for the option. But I don't care that much about names either.

Regards,
 jonas