Subject: questions about cgd
To: None <netbsd-users@netbsd.org>
From: Christian Baer <christian.baer@uni-dortmund.de>
List: netbsd-users
Date: 11/11/2007 16:16:20

Hi folks!

Before I really throw every effort into porting our company to NetBSD,
there are a few things I need (and some I'd like) to know about the cgd.

Can the passphrase be somehow piped to cgdconfig(8) or in some other way
given to the program over the command line? Background:

I have several drives that are currently encrypted with geli from FreeBSD.
So I don't have to type the passphrase x times, I use the same passphrase,
add something different to it for every drive and send all of that through
some hash. The result of the hashing is then my passphrase. That could
look something like this:

  read -p "Enter passphrase: " passphrase
  passa=`echo "Secure01${passphrase}Secure01" | sha256`
  passb=`echo "Secure02${passphrase}Secure02" | sha256`
  echo ${passa} | geli attach -v -p -k - /dev/{whatever}
  echo ${passb} | geli attach -v -p -k - /dev/{whatever}

Geli does not accept a passphrase piped to it (as you can see) but only a
keyfile. In this case that doesn't matter because the digest of the
passphrase is nearly completely random and will certainly withstand a
dictionary attack. :-)

Can this be done somehow? BTW, another good application for this would be
a graphical front end to cgdconfig or just a program that asked for the
passphrase under X.

Another question (not as important as the last one) is about hardware
support. Both Free- and OpenBSD support several cryptographic
accelerators. Is there any work underway to port these drivers to NetBSD?

And last but not least... :-)
Is there any work underway for expanding cgd like adding ciphers or modes
of operation (like LRW)?

Regards,
Chris
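
The per-drive derivation described in the message above, as an added example that is not part of the original post; the function names are hypothetical. It hashes the same input as the post's `echo` form, including the trailing newline that `echo` appends, and shows that dropping that newline produces a different key.

```shell
#!/bin/sh
# Added example, not from the original post. It reproduces the post's
# construction: label + passphrase + label, one SHA-256 pass, hex output.
# All function names here are hypothetical.

# Hex SHA-256 of stdin, using whichever tool is installed.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256                      # the command the post uses
    else
        openssl dgst -sha256 | sed 's/^.*= *//'
    fi
}

# derive_key LABEL PASSPHRASE
# Hashes "LABELPASSPHRASELABEL\n". The newline is part of the hashed input
# because the post builds the string with echo.
derive_key() {
    printf '%s%s%s\n' "$1" "$2" "$1" | sha256_hex
}

# Same input without the trailing newline. Yields a different digest, so a
# script ported from echo to printf '%s' would no longer unlock the volume.
derive_key_no_newline() {
    printf '%s%s%s' "$1" "$2" "$1" | sha256_hex
}

# Prompt on stderr and read one line with terminal echo off, so the
# passphrase is not displayed while typing (read -p in the post echoes it).
read_passphrase() {
    printf 'Enter passphrase: ' >&2
    stty -echo 2>/dev/null
    IFS= read -r _pass
    stty echo 2>/dev/null
    printf '\n' >&2
    printf '%s' "$_pass"
}

# Usage, following the post's geli invocation:
#   pass=$(read_passphrase)
#   derive_key Secure01 "$pass" | geli attach -v -p -k - /dev/{whatever}
#   derive_key Secure02 "$pass" | geli attach -v -p -k - /dev/{whatever}
```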