[PATCH] ecryptfs-setup-confidential: default to random mount passphrase

Per lengthy discussions on IRC [1], this patch changes the behavior such that interactive prompting for a mount passphrase will allow a user to just hit enter and have a random one generated (128 bits of random data from /dev/urandom, converted into a hex string).

An accentuated message will be printed to standard out, informing the user that they should record that passphrase somewhere secure, and that losing that passphrase could yield their encrypted data inaccessible later.

I did not add a command line option for randomly generating the passphrase. I think it's reasonable for any wrapping utilities (such as adduser) to generate the random passphrase (by the same or different mechanisms) and pass that in as a parameter.

[1] http://irclogs.ubuntu.com/2008/06/10/%23ubuntu-server.html

Signed-off-by: Dustin Kirkland <[EMAIL PROTECTED]>
--- ecryptfs-setup-confidential.orig 2008-06-10 15:57:08.276279465 -0500 +++ ecryptfs-setup-confidential 2008-06-10 16:47:28.240262827 -0500 @@ -100,10 +100,11 @@ if [ -z "$LOGINPASS" ]; then fi if [ -z "$MOUNTPASS" ]; then - read -p "Enter your mount passphrase: " -r MOUNTPASS + read -p "Enter your mount passphrase [leave blank to generate one]: " -r MOUNTPASS if [ -z "$MOUNTPASS" ]; then - echo "ERROR: You must provide a mount passphrase" - usage + # Pull 128 bits of random data from /dev/urandom, and convert + # to a string of 32 hex digits + MOUNTPASS=`head -c 16 /dev/urandom | od -x | head -n 1 |sed "s/^0000000//" | sed "s/\s*//g"` fi fi @@ -151,6 +152,12 @@ echo "This script will attempt to set up echo "$MOUNTPOINT with eCryptfs automatically on login," echo "using your login passphrase." echo +echo "************************************************************************" +echo "YOU SHOULD RECORD THIS MOUNT PASSPHRASE AND STORE IN A SAFE LOCATION:" +echo "$MOUNTPASS" +echo "THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME." +echo "************************************************************************" +echo ###############################################################################
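Review bot: In the @@ -100,10 +100,11 @@ hunk, the removed "You must provide a mount passphrase" error was the only guard against an empty MOUNTPASS, and nothing in the hunk re-checks the value after the generation pipeline. If head, od or sed is missing or fails, the backtick substitution yields an empty string and execution falls through the closing fi with no passphrase set. Suggest validating right after the assignment, for example checking that MOUNTPASS is exactly 32 hex digits and exiting with an error otherwise. A smaller portability point on the same line: \s in sed is a GNU extension, and od -An -tx1 piped through tr -d ' \n' would produce the same 32 digits without needing to strip the 0000000 offset column.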
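Review bot: In the @@ -151,6 +152,12 @@ hunk, echo "$MOUNTPASS" runs unconditionally, so the passphrase is written to standard out even when the user typed it at the prompt or a wrapping utility passed it in as a parameter, and it will end up in whatever captures that output (terminal scrollback, a redirected log, the wrapper's own output). Suggest printing the banner only when the passphrase was generated, by setting a flag in the generation branch of the first hunk and testing it here, so that user-supplied passphrases are never echoed back. Wording nit on the banner: "STORE IN A SAFE LOCATION" reads better as "STORE IT IN A SAFE LOCATION".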
_______________________________________________ eCryptfs-devel mailing list eCryptfs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ecryptfs-devel