From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o9AWb48FlR1E for ; Thu, 14 Feb 2013 17:57:32 +0100 (CET)
Received: from mail-ea0-f180.google.com (mail-ea0-f180.google.com [209.85.215.180]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Thu, 14 Feb 2013 17:57:31 +0100 (CET)
Received: by mail-ea0-f180.google.com with SMTP id c1so998665eaa.11 for ; Thu, 14 Feb 2013 08:57:31 -0800 (PST)
Message-ID: <511D1777.6020308@gmail.com>
Date: Thu, 14 Feb 2013 17:57:27 +0100
From: Milan Broz
MIME-Version: 1.0
References: <511CE9F5.60708@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough
To: ".. ink .."
Cc: dm-crypt@saout.de

On 02/14/2013 05:39 PM, .. ink .. wrote:
>
> Wouldn't it be better to just cut off the key at the 65th character
> instead of failing out?
> I did a test here, and I created a truecrypt volume with a key of 70
> characters, and truecrypt created the volume and could open it, but
> cryptsetup failed to open the volume.

Which version? I tried it on some latest GUI and it did not allow me
to enter more than 64 chars.

But yes, trimming the passphrase and adding a warning message in verbose
mode is perhaps better. I do not like it, but if it is how it is handled there...

> truecrypt seems to handle a key with longer length and use only the
> length it needs, and I think cryptsetup should do the same. It will be
> odd to users of cryptsetup when their passphrase works with truecrypt
> but fails with cryptsetup.

Btw, if anyone is interested in why there is a 64 char limit - from the
Truecrypt 1.0 changelog:

"* The maximum volume password length has been decreased from 100 to 64
characters. This was necessary to avoid the following: When a password
longer than 64 characters was passed to HMAC-SHA-1, the whole password was
first hashed using SHA-1 and the resultant 160-bit value was then used
instead of the original password (which complies with HMAC-SHA-1
specification), thus the password length was in fact reduced."

Milan
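
The HMAC behaviour quoted from the changelog, and why trimming a long passphrase is not the same as passing it through unchanged, shown as an added example that is not code from cryptsetup or TrueCrypt. PBKDF2-HMAC-SHA-1 stands in here as a representative HMAC-based KDF; the passphrase, salt, iteration count and output length are constructed sample values.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-1 block size in bytes; HMAC hashes any key longer than this


def effective_hmac_key(password: bytes) -> bytes:
    """Key material HMAC-SHA-1 really uses, before zero-padding (RFC 2104)."""
    if len(password) > BLOCK_SIZE:
        return hashlib.sha1(password).digest()  # collapses to 160 bits
    return password


def derive(password: bytes, salt: bytes, iterations: int = 2000, dklen: int = 32) -> bytes:
    # iterations and dklen are assumptions for the demo, not values from the thread
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen)


def compare(password: bytes, salt: bytes) -> dict:
    """Compare the full passphrase against its SHA-1 digest and its 64-byte prefix."""
    full = derive(password, salt)
    msg = b"constructed test message"
    return {
        # raw HMAC: long key and SHA-1(long key) give the same tag
        "hmac_same_as_digest_key": hmac.compare_digest(
            hmac.new(password, msg, hashlib.sha1).digest(),
            hmac.new(hashlib.sha1(password).digest(), msg, hashlib.sha1).digest(),
        ),
        # the KDF inherits that: SHA-1(passphrase) unlocks what the passphrase does
        "kdf_same_as_digest_key": derive(hashlib.sha1(password).digest(), salt) == full,
        # trimming to 64 bytes is a different key unless the input was <= 64 bytes
        "kdf_same_as_truncated": derive(password[:BLOCK_SIZE], salt) == full,
        "effective_key_bits": len(effective_hmac_key(password)) * 8,
    }


# Constructed sample inputs
SALT = bytes(range(64))
LONG_PW = (b"correct horse battery staple " * 3)[:70]  # 70 bytes, over the limit
EXACT_PW = LONG_PW[:64]                                # exactly 64 bytes

if __name__ == "__main__":
    print("70 bytes:", compare(LONG_PW, SALT))
    print("64 bytes:", compare(EXACT_PW, SALT))
```

For the 70-byte input the derived key matches the one obtained from the 20-byte SHA-1 digest and differs from the one obtained from the 64-byte prefix, so a tool that trims and a tool that passes the full passphrase to HMAC will disagree on the same volume.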