From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <elisapippo@tiscali.it>
Received: from cp-out12.libero.it (cp-out12.libero.it [212.52.84.112])
	by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Wed,  2 Sep 2009 12:43:26 +0200 (CEST)
Received: from [10.83.0.4] (151.49.187.253) by cp-out12.libero.it (8.5.107)
	id 4A9203FC02315CBB for dm-crypt@saout.de;
	Wed, 2 Sep 2009 12:43:26 +0200
Message-ID: <4A9E4C4D.3020701@tiscali.it>
Date: Wed, 02 Sep 2009 12:43:25 +0200
From: Tommaso <elisapippo@tiscali.it>
MIME-Version: 1.0
References: <4A9B01E1.5030205@tiscali.it>	<20090901011335.GC22049@resivo.wgnet.de>	<4A9CE6B0.1070702@tiscali.it>
	<20090901093425.GD6333@resivo.wgnet.de>
In-Reply-To: <20090901093425.GD6333@resivo.wgnet.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Help: after crypttab modify > begin: waiting for
 root file system
Reply-To: elisapippo@tiscali.it
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Jonas Meurer wrote:
> yes, that's exactly what passdev is meant for.

Problem solved indeed, passdev works :)


> that really sounds weird. if the unlocked device _is_ the same for both
> passphrases, then it will behave similar. thus i don't see how issues
> with network should be related to the used keyslot.

Ok, maybe I got it, but maybe you won't like the answer.

The error I was getting with the new passphrase was:

    ADDRCONF(NETDEV_UP): eth1: link is not ready


I found many topics about, and I discovered that this is an issue of a
bad renaming of the network interfaces, see i.e.
http://marc.info/?l=debian-user&m=114369893509924&w=2

In fact I have two NICs on the server, one of which (eth0) is not used
(hasn't got even a cable). So it seems that, due to the dynamic
remapping of the interfaces at boot, if I insert the old passphrase the
interface names are right, but if I change the passphrase, probably
because of some kind of variation in the entropy pattern of the system,
the names are swapped. I solved this issue installing ifrename and
managing the interfaces name according to their MAC.

HOWEVER: if this is the case (that is, if the cause of the name swapping
is due to the passphrase inserted for cryptsetup), I believe it's not a
good thing. It would indicate some kind of fixed entropy pattern
variation according to a given passphrase, probably not a desiderable
behaviour in regard to the security of encrypted filesystems.

I also addressed this issue on
http://forums.debian.net/viewtopic.php?f=10&t=44690

Thank you :)