On Fri, May 10, 2013 at 12:32:14AM +0100, Alasdair G Kergon wrote:
> The rest of the tools try to be careful to track any memory into which the
> passphrase or key is written and to wipe that memory before freeing it.

What kind of scenario are you trying to cover here? When an adversary can read the main memory of the system she can read the keys directly. The current cryptsetup scripts move the pass phrase via a pipe. How do you wipe the memory in the kernel used to pass the phrase?

> Your proposal could document cases where this isn't done so users
> are aware.

Documentation definitely does not hurt here. Note that the remote unlock procedure implemented in the dropbear package suffers from the very same issue.

Note that I do not believe that this early pass phrase reading tool should be enabled by default. It only works reliably in the case where there is only one encrypted device and all it does is save the user possibly a few seconds. It really is an optimization not needed by everyone. I would only enable it on machines where it makes a difference to me.

Helmut