From: Martin Olsson <martinolsson311@yahoo.com>
To: "Michael Kjörling" <152cc69a347e@ewoof.net>
Cc: cryptsetup@lists.linux.dev
Subject: Re: Password hash as LUKS key
Date: Mon, 20 Mar 2023 18:06:42 +0100
Message-ID: <20230320170642.dscsp2nlqos55cpk@debian64.Core>
In-Reply-To: <06e718ed-b377-4b8d-b1f1-31abd40a4dc7@home.arpa>
On Wed, Mar 15, 2023 at 08:35:05PM +0000, Michael Kjörling wrote:
> Aside from that already mentioned by Grzegorz Szymaszek, a more
> general question: what leads you to believe that you can give the
> output from mkpasswd (which at least on Debian is provided by the
> "whois" package) to cryptsetup (provided by the "cryptsetup-bin"
> package) and have the mkpasswd output be recognized by cryptsetup as
> being somehow special?
> A quick web search for the two didn't reveal anything obvious
> connecting the two; and the cryptsetup man page does not mention
> mkpasswd.
Oh, I was pretty certain that it wasn't going to work since like you
said it isn't documented anywhere. So I just assumed it wasn't supported
but then Arno replied:
> In principle,
> this works and is supported, but interactive, pipe and
> read-from-file are all a bit different.
So I decided to give it another try. But I'm pretty sure now that Arno
misunderstood what I wanted to accomplish.
I want to encrypt the password before piping it to cryptsetup.
mkpasswd was just an example of that operation. You can also use python
for example:
    python3 -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))'
But as you pointed out there is nothing in cryptsetup that recognizes
the encrypted string as anything other than a normal password. I was
hoping there was an option somewhere that I could add as an argument
to my cryptsetup command.
As there is no such option I am wondering if there is another solution
to my use case:
"I want to encrypt a drive for a user and I don't want the user to send me
their password in clear text."