![]() |
2014-01-13
, 02:32
|
Posts: 8 |
Thanked: 13 times |
Joined on Dec 2009
|
#2
|
![]() |
2014-02-20
, 18:41
|
Posts: 21 |
Thanked: 19 times |
Joined on Oct 2011
@ Germany/Siegen
|
#3
|
For me it seems most people are using the plain cryptsetup password prompt via fbcon. Clean but tiny.
I've modified some script from BackupMenu (by RobbieThe1st) to satisfy my needs of some fancier password prompt. See the attached Screenshot (btw: yes, it's a photo. I don't know how to dump the framebuffer while booting...)
I didn't built it rock stable, it's more or less alpha state. But it's doing its job fine for me.
How to install:
Instead of running cryptsetup directly inside /etc/init.d/rcS I added the following to the file. Place it where cryptsetup is called in most of the "how to encrypt your home and mydocs"-howtos:
A password hash is needed (execute line by line, don't copy&paste the whole block into a shell!):
Review your /root/.ash_history afterwards! Both passwords, for home and mydocs, have to be the same. There's only one prompt for one password.
The hash is used to prompt for the password another time if the last one wasn't the right one. I decided to do it this way because I don't want to wait for cryptsetup for every wrongly typed password and this way I can afterwards call cryptsetup two times consecutively with the correct password (for home and mydocs). (Security isn't reduced that much because sha3 is for one thing a strong hash and and for the other thing most of the collisions found in the one way hash won't decrypt the luks key, but only the single real one used to generate the hash. Brute forcing all possible passwords is still less expensive than with LUKS and all of it's many hash-iterations!)
Don't forget to let some backup procedure inside rcS for emergency cases. If you use special characters in your password there's a chance to not be able to decrypt it this way. Default keyboard layout for deluks.sh is english/us.
I had the following inside rcS before and after deluks.sh, for debugging reasons:
For capitals and special keys, please note: alt/shift keys must be pressed one at a time. Like with BootMenu.
The fbcon module should not be needed (I think - I still load it in /sbin/preinit).
And at long last: If there are better ways to do so, please tell me. I'll switch over by myself. :-D
Last edited by hede; 2013-11-19 at 11:25.