From: Thomas Albers
To: Tobias Geerinckx-Rice
Cc: help-guix@gnu.org
Subject: Re: Typing LUKS passphrase only once and a possible solution
Date: Wed, 07 Jul 2021 20:29:37 +0200
Message-ID: <87eecagepa.fsf@gmail.com>
In-reply-to: <87zguygggj.fsf@nckx>

Hello Tobias,

Thank you for your answer.

>
> Well, so is a field to add cryptsetup-specific command-line arguments.
>
> Abstracting this into meaningful field names like key-file is better
> from a readability point of view and allows implementation details
> like ‘we simply invoke cryptsetup’ to remain properly hidden from
> view.
>
> Because naturally, one day cryptsetup will be rewritten in Guile.
>

My idea was for this parameter to be also used for other mapping
devices. This assumes there is always an underlying program being used,
but if the final goal is to replace cryptsetup with Scheme code, then
there isn't really a point to it.

>
> I think it could still be a plain string passed straight to
> cryptsetup, with the user responsible for its existence.
>

I am not really sure if a string would be the best solution though. The
key-file is a binary one. But you are right, there doesn't seem to be
much point in hiding the key-file. If someone has a program capable of
reading the file and getting it out of your computer, then there is
nothing stopping this person from accessing all of your files regardless
of encryption.

>
> You can force access to unexported symbols using (@@ (name of module)
> symbol). It's as recommended as it sounds. Nor can you rewrite parts
> of compiled procedures AFAIK.
>

This will come in handy while experimenting but it sounds like something
to be avoided, as it would be too dependent on the underlying code.

Regards,
Thomas Albers Raviola