On Thu, 07 Dec 2006, Stefan Denker wrote: > On Mon, Dec 04, 2006 at 09:25:38PM +0200, Ratiu Petru wrote: > > What I'm thinking is to provide a static string as a challenge and use the > > response as the cryptodevice password, but I can't find a program that > > allows me to manipulate the socket this way. This mechanism might also be > > used for other purposes, stacking public key authentication in a "normal" > > password-based login. > > I do not think this is a good idea. If the challenge is static, the > response will be, too. Then you might be vulnerable to replay-Attacks. > I perfectly understand. However, I _need_ a static password for cryptsetup, i just wanted to make it somehow dependent of the agent to skip prompting for it in the backup script. I am aware of the fact that someone who knows the password can mount the cryptsetup directly, I can't improve that.
I found somewhere a script that was supposed to use ssh-agent like I wanted to (encrypt stuff through it), but all it did was to crash my agent :) The gpg-agent is a nice idea too, but we already have an existing ssh infrastructure and not all guys involved have gpg keys, so I'm trying to avoid that if possible. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]