Nicias Guru
Joined: 06 Dec 2005 Posts: 446
Posted: Fri Dec 30, 2011 6:30 pm Post subject: Automounting Truecrypt volume
Ok, I know this is somewhat nonsense, but here is my situation. I have a truecrypt external hard drive. Right now it is moved from machine to machine when data needs to be accessed. This is inconvenient. I will be setting up a git/nfs server and want to leave the external drive plugged into the server, and always mounted.
I would like this server to be always on, and come on after reboot. That means that it must auto-mount the external drive with no interaction. As I see it, there is no good way to do this. If I put the key on a USB drive or some such, I might as well leave it on the server, and then I might as well leave the hard drive unencrypted. So, the server needs to get some information from its environment to decrypt the hard drive. So here was my thought:
- Leave the hard drive as it is, with a strong passphrase.
- Store the passphrase, encrypted with a second passphrase, on the server.
- That second passphrase is not stored anywhere, but rather can be dynamically created on the fly, as long as the computer is wired into the local network.
For example, right now running the following command on my laptop will show I am on my current network.
Code:
# arp | grep wlan0 | sed "s: ::g"
192.168.1.1ether95:1d:f3:29:12:23Cwlan0
So I would encrypt my already-in-use passphrase with this new one, store it on the server, and then do something like this:
Code:
# truecrypt -t --password=$(gpg2 --batch --passphrase $(arp | grep wlan0 | sed "s: ::g") -q --no-mdc-warning -d passphrase.gpg) --mount volume.tc /mnt/shared --non-interactive
I know this isn't perfect, but I don't think in this case I can actually have my cake and eat it too. However, I would like some advice on how to improve the "dynamic passphrase" generation. The arp example is flawed in that someone could recreate the output of the arp/grep/sed combo by looking through the logs. It looks like the network is the only thing that I can use for this; is there some piece of information I could use that won't be logged? I will be on a wired network, but there is also a wireless network available (in that I have a card I could use to pull information like SSID, etc.).
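As an added example (not code from the original post or from TrueCrypt), here is the same three-step pipeline as a script that hands the derived secret to gpg2 on a file descriptor instead of its command line (where `ps` shows it to every local user) and refuses to mount when the expected ARP entry is absent. The interface name, file paths and the sample ARP table are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: the poster's pipeline restructured so
# the derived secret reaches gpg2 on a file descriptor instead of its command line.
# Assumed names: IFACE, ENC_PASSPHRASE, VOLUME and MOUNTPOINT below; SAMPLE_ARP is
# constructed test data in the format printed by `arp`.
IFACE="${IFACE:-eth0}"
ENC_PASSPHRASE="/root/passphrase.gpg"   # assumed location of the gpg-encrypted passphrase
VOLUME="/dev/sdb1"                      # assumed external drive
MOUNTPOINT="/mnt/shared"

SAMPLE_ARP='Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   95:1d:f3:29:12:23   C                     wlan0
192.168.1.20             ether   00:11:22:33:44:55   C                     eth0'

# derive_env_secret IFACE: read an arp table on stdin, take the first entry whose
# interface column is exactly IFACE, and print it with all whitespace removed
# (the same string the poster's `arp | grep wlan0 | sed "s: ::g"` yields).
# Returns 1 when the interface has no entry, so the mount is skipped off-network.
derive_env_secret() {
    secret=$(awk -v i="$1" '$NF == i { gsub(/[ \t]/, ""); print; exit }')
    [ -n "$secret" ] || return 1
    printf '%s\n' "$secret"
}

# recover_passphrase SECRET: decrypt the stored TrueCrypt passphrase. The secret is
# handed to gpg2 on fd 3 (--passphrase-fd 3), so `ps` never shows it.
# On GnuPG 2.1 or later add --pinentry-mode loopback for --passphrase-fd to be honoured.
recover_passphrase() {
    gpg2 --batch --quiet --passphrase-fd 3 --decrypt "$ENC_PASSPHRASE" 3<<EOF
$1
EOF
}

# mount_volume SECRET: TrueCrypt's text-mode interface takes the volume password as an
# argument, so that step still shows it in the process list while truecrypt runs.
mount_volume() {
    tc_pass=$(recover_passphrase "$1") || return 1
    truecrypt -t --non-interactive --protect-hidden=no \
        --password="$tc_pass" --mount "$VOLUME" "$MOUNTPOINT"
}

main() {
    secret=$(arp -n | derive_env_secret "$IFACE") \
        || { echo "no ARP entry for $IFACE; leaving $VOLUME unmounted" >&2; return 1; }
    mount_volume "$secret"
}

# Only mount when invoked as `sh script.sh --run`; sourcing the file just defines the functions.
if [ "${1:-}" = "--run" ]; then main; fi
```

This does not change the weakness the post already names: anyone who can reproduce the ARP entry can reproduce the secret, so it only removes the process-list exposure of the gpg step.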