Hi,
I wonder how secure it would be to hardcode a password and just use the
saltfile to decrypt a partition? The saltfile would be located on an USB
stick and the partition could automatically be mounted when the stick
gets plugged in, using hotplugd.
I used a md5sum as password example here.
See example diff below.
--- usr.sbin/vnconfig/vnconfig.c.orig Wed Jan 24 10:50:09 2007
+++ usr.sbin/vnconfig/vnconfig.c Wed Jan 24 10:56:25 2007
@@ -143,7 +143,8 @@
rounds = strtonum(arg, 1000, INT_MAX, &errstr);
if (errstr)
err(1, "rounds: %s", errstr);
- key = getpass("Encryption key: ");
+// key = getpass("Encryption key: ");
+ key = "e715ae86932cf0cc5cafdf353c0426ac";
if (!key || strlen(key) == 0)
errx(1, "Need an encryption key");
strncpy(keybuf, key, sizeof(keybuf));
Also, I am wondering, what is the best value for ROUNDS to use, is there
any good documentation about that somewhere?
- Michael
