From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mbroz@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Tue, 15 Mar 2011 13:19:08 +0100 (CET)
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
 (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p2FCJ7Df026659
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
 for <dm-crypt@saout.de>; Tue, 15 Mar 2011 08:19:07 -0400
Received: from [10.34.26.53] (tawny.brq.redhat.com [10.34.26.53])
 by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 p2FCJ6lR005089
 for <dm-crypt@saout.de>; Tue, 15 Mar 2011 08:19:07 -0400
Message-ID: <4D7F5939.1020607@redhat.com>
Date: Tue, 15 Mar 2011 13:19:05 +0100
From: Milan Broz <mbroz@redhat.com>
MIME-Version: 1.0
References: <4D7E53E5.3040007@redhat.com> <20110314221329.19d588ea@gmail.com>
 <4D7E925D.2010802@redhat.com> <20110315004559.091a1b53@gmail.com>
 <20110315010242.GB23585@tansi.org> <4D7F4973.9060509@redhat.com>
 <20110315114352.GB4437@resivo.wgnet.de>
In-Reply-To: <20110315114352.GB4437@resivo.wgnet.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.3.0-rc1 (test release
	candidate)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 03/15/2011 12:43 PM, Jonas Meurer wrote:
>> I will also limit LUKS keyfile in next version, mistake will cause problems
>> (reading the whole device in locked memory -> OOPS or something like that).
>> I guess max 8MB is enough? We have already limit on passphrase from terminal
>> to 512 bytes.
>>
>> Fixed in svn already.
> 
> please document these limits properly in the manpage.

Sure. The loop aes limit was safety margin, I am really not sure which
configuration are even possible. It was set up according to documentation.

(And the reported keyfile was so nice, that it cut exactly the last
key so it detected 64 keys (v2 keyfile) instead of 65 and not failed because
of wrong key length as expected:-)

For the LUKS limit  must be documented and must not cause regressions
for people (that one is not yet limited in code, that remark above
was misleading, I just added TODO line.

Milan