From: Milan Broz <gmazyland@gmail.com>
To: ".. ink .." <mhogomchungu@gmail.com>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough
Date: Thu, 14 Feb 2013 17:57:27 +0100 [thread overview]
Message-ID: <511D1777.6020308@gmail.com> (raw)
In-Reply-To: <CAFnMBaQUk+Ufr37njvwsUa3g-F=Fiz_mVtGNKoy=fZJJ+9zDjg@mail.gmail.com>
On 02/14/2013 05:39 PM, .. ink .. wrote:
>
> wouldnt it be better to just cut off the key at the 65th character
> instead of failing out?
> I did a test here.and I created a truecrypt volume with a key of 70
> characters and truecrypt created the volume and could open it but
> cryptsetup failed to open the volume.
which version? I tried it on some latest GUI and it did not allow me
to enter more than 64 chars.
But yes, trim passphrase and add warning message in verbose mode is perhaps better.
I do not like it but if it is how it is handled there...
> truecrypt seem to handle a key with longer length and use only the
> length it needs and i think cryptsetup should do the same.It will be
> odd to users of cryptsetup when their passphrase works with truecrypt
> but fail with cryptsetup
Btw if anyone interested why there is 64 char limit - from Truecrypt 1.0 changelog:
"* The maximum volume password length has been decreased from 100 to 64 characters.
This was necessary to avoid the following: When a password longer than 64 characters
was passed to HMAC-SHA-1, the whole password was first hashed using SHA-1 and the resultant
160-bit value was then used instead of the original password (which complies with
HMAC-SHA-1 specification), thus the password length was in fact reduced."
Milan
next prev parent reply other threads:[~2013-02-14 16:57 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-14 11:44 [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough .. ink ..
2013-02-14 13:43 ` Milan Broz
2013-02-14 16:39 ` .. ink ..
2013-02-14 16:57 ` Milan Broz [this message]
2013-02-14 17:06 ` .. ink ..
2013-02-15 9:01 ` Milan Broz
2013-02-15 11:51 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=511D1777.6020308@gmail.com \
--to=gmazyland@gmail.com \
--cc=dm-crypt@saout.de \
--cc=mhogomchungu@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.