From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <e36524949cde2a3e066e97ed9045e6b8@plan9.bell-labs.com>
From: "rob pike, esq." <rob@plan9.bell-labs.com>
To: 9fans@cse.psu.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: [9fans] retry with aescbc
Date: Tue, 15 Oct 2002 22:05:15 -0400
Topicbox-Message-UUID: 066c2454-eacb-11e9-9e20-41e7f4b1d025

auth/aescbc detects a bad password but generates output anyway, so
if you use it as a μsecstore you'll be disappointed the first time
you type a bad password. that is, if you
	auth/aescbc -d < lib/factotum.aes > /mnt/factotum/ctl
and get the password wrong, factotum will get delivered garbage.
here's a clumsy wrapper that addresses the issue; perhaps someone
else will find a better way.  (the need for $result is due to a
buglet in rc regarding $status at the top of a while loop.)

	# retry until good password
	ramfs -m /n/kremvax >[2] /dev/null #suppress unmount message
	result = 'failed to authenticate'
	while(~ $result *'failed to authenticate'*){
		auth/aescbc -d < lib/factotum.aes > /n/kremvax/factotum
		result = $status
	}
	cp /n/kremvax/factotum /mnt/factotum/ctl
	unmount /n/kremvax

aescbc is a little too liberal with the exit string 'failed to
authenticate' but i've asked ehg to tighten it up.

-rob