On 2014-08-27 at 17:22, Andrei Borzenkov wrote: > On Wed, 27 Aug 2014 13:29:17 +0200 Garreau, Alexandre wrote: >> b) is there a way to set up the GRUB password and decryption key the >> same so that the GRUB password can be used by cryptomount so that I only >> enter one password once? > > Unfortunately, no —user authentication and cryptomount are not passing > any information. Could be idea for next release.
If it’s being implemented, why not just factorize creating one “prompt” command that could not only pass it’s input to cryptomount as well as GRUB unlock, but have: (a) An option to center the prompt on the screen instead of just putting it on top right, in way to make it more aesthetic, notably in graphical mode. (b) An option hardening or softenning security like making password characters appear with rounds (or dots if unicode’s not available, like Emacs does) like standard graphical prompts (or even cleartext for some who don’t care, it’d cost nothing), or to have a circle (or just a rectangle, circle is just fancy) blinking in some color as someone type characters, in another when deleting a character and another when verifying password, like i3lock does. (c) And an option to have exponential wait after password verification, with of course either a maximum that the user could set to the time the computer use to reboot, or if possible no maximum but the time to wait stocked at the same place GRUB is so that at next time GRUB can continue where it were before, so that reboot doesn’t reset it. An option to use a different algo to check the password would equally be useful. Like being able to use scrypt, which sets not only calculation limits but also memory, making it hard to achieve even to supercomputers. If some of these features are easily implementable it’d be great :D I’m currently not enough skilled to do these, so let me know if you find any of these easily implementable, and if some of you’s going to Hoping new features in next releases ^^ Thanks for work on GRUB :)
pgpHuPPJfDYMx.pgp
Description: PGP signature
_______________________________________________ Help-grub mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-grub
