On Tue, Aug 07, 2018 at 11:10:39PM +0100, Carles Pina i Estany wrote:
That was quite a lot of fun!
Good investigation and report, thanks, yes it was fun to read too!

Some time ago I added a second encrypted disk to my setup, but it is a removable one. I wanted to use the same encryption passphrase as my primary drive, so I looked into the systemd/keyctl stuff.

I tried to override the timeout, because I plug in the external drive roughly once a month. (It's my offsite backup drive.)

I figured out one hacky way to do that, but in the meantime a friend suggested I just use a key file for the removable drive instead, stored on the internal encrypted drive. I considered my threat model, realised that was fine, so abandoned my attempts to change the systemd/keyctl timeout.

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.