From mboxrd@z Thu Jan 1 00:00:00 1970
From: ".. ink .."
Date: Thu, 14 Feb 2013 06:44:16 -0500
Subject: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough
To: dm-crypt@saout.de

http://pastebin.com/FqxMUf8Z

The above link has the source code of the program that shows the crash. I have not tried that many key sizes, but a key size of 5MB seems to crash cryptsetup.

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <511CE9F5.60708@gmail.com>
Date: Thu, 14 Feb 2013 14:43:17 +0100
From: Milan Broz
Subject: Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough
To: ".. ink .."
Cc: dm-crypt@saout.de

On 02/14/2013 12:44 PM, .. ink .. wrote:
>
> http://pastebin.com/FqxMUf8Z
>
> The above link has the source code of the program that shows the crash. I have not tried that many key sizes, but a key size of 5MB seems to crash cryptsetup

Yes, there was a stupid bug.

http://code.google.com/p/cryptsetup/source/detail?r=e600024908219af09819d1a6549cad2b6813a8f0#

TCRYPT passphrase is in fact limited to a maximum of 64 characters,
so it fails now early if this limit is exceeded.

Thanks,
Milan

From mboxrd@z Thu Jan 1 00:00:00 1970
In-Reply-To: <511CE9F5.60708@gmail.com>
From: ".. ink .."
Date: Thu, 14 Feb 2013 11:39:10 -0500
Subject: Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough
To: Milan Broz
Cc: dm-crypt@saout.de

On Thu, Feb 14, 2013 at 8:43 AM, Milan Broz wrote:
> On 02/14/2013 12:44 PM, .. ink .. wrote:
> >
> > http://pastebin.com/FqxMUf8Z
> >
> > The above link has the source code of the program that shows the crash. I
> > have not tried that many key sizes, but a key size of 5MB seems to crash
> > cryptsetup
>
> Yes, there was a stupid bug.
>
> http://code.google.com/p/cryptsetup/source/detail?r=e600024908219af09819d1a6549cad2b6813a8f0#
>
> TCRYPT passphrase is in fact limited to a maximum of 64 characters,
> so it fails now early if this limit is exceeded.
>
> Thanks,
> Milan

Wouldn't it be better to just cut off the key at the 65th character instead of failing out?

I did a test here, and I created a truecrypt volume with a key of 70 characters, and truecrypt created the volume and could open it, but cryptsetup failed to open the volume.

truecrypt seems to handle a key with longer length and use only the length it needs, and I think cryptsetup should do the same. It will be odd to users of cryptsetup when their passphrase works with truecrypt but fails with cryptsetup.

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <511D1777.6020308@gmail.com>
Date: Thu, 14 Feb 2013 17:57:27 +0100
From: Milan Broz
Subject: Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough
To: ".. ink .."
Cc: dm-crypt@saout.de

On 02/14/2013 05:39 PM, .. ink .. wrote:
>
> Wouldn't it be better to just cut off the key at the 65th character
> instead of failing out?
> I did a test here, and I created a truecrypt volume with a key of 70
> characters, and truecrypt created the volume and could open it, but
> cryptsetup failed to open the volume.

Which version? I tried it on some latest GUI and it did not allow me
to enter more than 64 chars.

But yes, trim passphrase and add warning message in verbose mode
is perhaps better. I do not like it but if it is how it is handled there...

> truecrypt seems to handle a key with longer length and use only the
> length it needs, and I think cryptsetup should do the same. It will be
> odd to users of cryptsetup when their passphrase works with truecrypt
> but fails with cryptsetup

Btw, if anyone is interested why there is a 64 char limit - from Truecrypt 1.0 changelog:

"* The maximum volume password length has been decreased from 100 to 64
characters. This was necessary to avoid the following: When a password
longer than 64 characters was passed to HMAC-SHA-1, the whole password
was first hashed using SHA-1 and the resultant 160-bit value was then
used instead of the original password (which complies with HMAC-SHA-1
specification), thus the password length was in fact reduced."

Milan

From mboxrd@z Thu Jan 1 00:00:00 1970
In-Reply-To: <511D1777.6020308@gmail.com>
From: ".. ink .."
Date: Thu, 14 Feb 2013 12:06:08 -0500
Subject: Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough
To: Milan Broz
Cc: dm-crypt@saout.de

> Which version? I tried it on some latest GUI and it did not allow me
>

I have truecrypt version 7.0a

I created a 70 byte file, copied the characters and pasted them in the truecrypt GUI volume when I created the volume, and the volume was created successfully.

I then tried to open the volume with the same copied key and truecrypt opened the volume successfully.

The key I use is below:

,eA.i5oX)m7AV7vl~7'~y?gs8/1)Q%^>oop#yG6WzBF@-HC[F;8ee;M99O"dB<r#rrrrrr

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <511DF951.1010606@gmail.com>
Date: Fri, 15 Feb 2013 10:01:05 +0100
From: Milan Broz
Subject: Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough
To: ".. ink .."
Cc: dm-crypt@saout.de

On 02/14/2013 06:06 PM, .. ink .. wrote:
> > Which version? I tried it on some latest GUI and it did not allow me
>
>
> I have truecrypt version 7.0a
>
> I created a 70 byte file, copied the characters and pasted them in the
> truecrypt GUI volume when I created the volume, and the volume was
> created successfully.

I think the GUI widget trimmed so you in fact entered just the first 64 bytes.
Check with "display password" option...

And try commandline, at least I get
Error: Password is longer than 64 characters.

I really do not like encryption systems which quietly trim anything,
pretending a longer password is correct. This is a recipe for disaster.

I changed return code for TCRYPT oversized passphrase to -EPERM
(So it is handled like "bad passphrase", just early, this is the way
I prefer.)

Thanks,
Milan

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <20130215115138.GA28135@tansi.org>
In-Reply-To: <511DF951.1010606@gmail.com>
Date: Fri, 15 Feb 2013 12:51:38 +0100
From: Arno Wagner
Subject: Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough
To: dm-crypt@saout.de

On Fri, Feb 15, 2013 at 10:01:05AM +0100, Milan Broz wrote:
> On 02/14/2013 06:06 PM, .. ink .. wrote:
>
> I think the GUI widget trimmed so you in fact entered just the first 64
> bytes. Check with "display password" option...
> And try commandline, at least I get
> Error: Password is longer than 64 characters.
>
> I really do not like encryption systems which quietly trim anything,
> pretending a longer password is correct. This is a recipe for disaster.

I agree. Never, ever, ever quietly degrade a password. Or other
input data for that matter. Any GUI doing things like this can
only be regarded as fundamentally broken. Silent errors are
unacceptable, except in the one case where verbose errors help an
attacker. That is not the case here.

Arno

> I changed return code for TCRYPT oversized passphrase to -EPERM
> (So it is handled like "bad passphrase", just early, this is the way
> I prefer.)
>
> Thanks,
> Milan

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
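
Added example, not part of the original thread and not cryptsetup or TrueCrypt code: a Python demonstration of the two points discussed above. HMAC-SHA-1 replaces a key longer than 64 bytes with its SHA-1 digest (the changelog quote), and silently trimming an oversized passphrase lets any tail open the volume, while failing early with -EPERM does not. The salt, iteration count, sample passphrases and function names are constructed for the demo.

```python
import errno
import hashlib
import hmac

TCRYPT_PASS_MAX = 64              # limit named in the thread; also the SHA-1 block size in bytes
SALT = b"constructed-demo-salt"   # constructed sample value
ITERATIONS = 1000                 # demo value (assumption), not a real volume parameter


def derive(password: bytes) -> bytes:
    """PBKDF2-HMAC-SHA-1 key derivation with the demo parameters above."""
    return hashlib.pbkdf2_hmac("sha1", password, SALT, ITERATIONS, 32)


def collapses_to_digest(password: bytes) -> bool:
    """True if HMAC-SHA-1 treats `password` and SHA1(password) as the same key."""
    digest = hashlib.sha1(password).digest()
    same_mac = hmac.compare_digest(
        hmac.new(password, b"msg", hashlib.sha1).digest(),
        hmac.new(digest, b"msg", hashlib.sha1).digest())
    return same_mac and derive(password) == derive(digest)


def open_strict(stored_key: bytes, password: bytes) -> int:
    """Reject oversized input before any derivation, reported as a bad passphrase."""
    if len(password) > TCRYPT_PASS_MAX:
        return -errno.EPERM
    return 0 if hmac.compare_digest(stored_key, derive(password)) else -errno.EPERM


def open_trimming(stored_key: bytes, password: bytes) -> int:
    """Silently keep only the first 64 bytes (the behaviour argued against)."""
    return open_strict(stored_key, password[:TCRYPT_PASS_MAX])


if __name__ == "__main__":
    long_pw = b"A" * 64 + b"secret"                  # constructed 70-byte passphrase
    volume_key = derive(long_pw[:TCRYPT_PASS_MAX])   # what a trimming tool actually uses
    print("70-byte key collapses to its SHA-1 digest:", collapses_to_digest(long_pw))
    print("64-byte key collapses:", collapses_to_digest(long_pw[:64]))
    print("trimming, correct tail:", open_trimming(volume_key, long_pw))
    print("trimming, wrong tail:  ", open_trimming(volume_key, b"A" * 64 + b"WRONG!"))
    print("strict, oversized:     ", open_strict(volume_key, long_pw))
```

With trimming, both the correct and the wrong 70-byte passphrase return 0, which is the silent degradation the thread objects to; the strict path returns -EPERM for both.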