* [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough @ 2013-02-14 11:44 .. ink .. 2013-02-14 13:43 ` Milan Broz 0 siblings, 1 reply; 7+ messages in thread From: .. ink .. @ 2013-02-14 11:44 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 184 bytes --] http://pastebin.com/FqxMUf8Z The above link has the source code of the program that show the crash.I have not tried that many key sizes but a key size of 5MB seem to crash cryptsetup [-- Attachment #2: Type: text/html, Size: 242 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough 2013-02-14 11:44 [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough .. ink .. @ 2013-02-14 13:43 ` Milan Broz 2013-02-14 16:39 ` .. ink .. 0 siblings, 1 reply; 7+ messages in thread From: Milan Broz @ 2013-02-14 13:43 UTC (permalink / raw) To: .. ink ..; +Cc: dm-crypt On 02/14/2013 12:44 PM, .. ink .. wrote: > > http://pastebin.com/FqxMUf8Z > > The above link has the source code of the program that show the crash.I have not tried that many key sizes but a key size of 5MB seem to crash cryptsetup Yes, there was a stupid bug. http://code.google.com/p/cryptsetup/source/detail?r=e600024908219af09819d1a6549cad2b6813a8f0# TCRYPT passphrase is in fact limited to maximal 64 characters, so it fails now early if this limit is exceeded. Thanks, Milan ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough 2013-02-14 13:43 ` Milan Broz @ 2013-02-14 16:39 ` .. ink .. 2013-02-14 16:57 ` Milan Broz 0 siblings, 1 reply; 7+ messages in thread From: .. ink .. @ 2013-02-14 16:39 UTC (permalink / raw) To: Milan Broz; +Cc: dm-crypt [-- Attachment #1: Type: text/plain, Size: 1090 bytes --] On Thu, Feb 14, 2013 at 8:43 AM, Milan Broz <gmazyland@gmail.com> wrote: > > On 02/14/2013 12:44 PM, .. ink .. wrote: > > > > http://pastebin.com/FqxMUf8Z > > > > The above link has the source code of the program that show the crash.I > have not tried that many key sizes but a key size of 5MB seem to crash > cryptsetup > > Yes, there was a stupid bug. > > http://code.google.com/p/cryptsetup/source/detail?r=e600024908219af09819d1a6549cad2b6813a8f0# > > TCRYPT passphrase is in fact limited to maximal 64 characters, > so it fails now early if this limit is exceeded. > > Thanks, > Milan > wouldnt it be better to just cut off the key at the 65th character instead of failing out? I did a test here.and I created a truecrypt volume with a key of 70 characters and truecrypt created the volume and could open it but cryptsetup failed to open the volume. truecrypt seem to handle a key with longer length and use only the length it needs and i think cryptsetup should do the same.It will be odd to users of cryptsetup when their passphrase works with truecrypt but fail with cryptsetup [-- Attachment #2: Type: text/html, Size: 1624 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough 2013-02-14 16:39 ` .. ink .. @ 2013-02-14 16:57 ` Milan Broz 2013-02-14 17:06 ` .. ink .. 0 siblings, 1 reply; 7+ messages in thread From: Milan Broz @ 2013-02-14 16:57 UTC (permalink / raw) To: .. ink ..; +Cc: dm-crypt On 02/14/2013 05:39 PM, .. ink .. wrote: > > wouldnt it be better to just cut off the key at the 65th character > instead of failing out? > I did a test here.and I created a truecrypt volume with a key of 70 > characters and truecrypt created the volume and could open it but > cryptsetup failed to open the volume. which version? I tried it on some latest GUI and it did not allow me to enter more than 64 chars. But yes, trim passphrase and add warning message in verbose mode is perhaps better. I do not like it but if it is how it is handled there... > truecrypt seem to handle a key with longer length and use only the > length it needs and i think cryptsetup should do the same.It will be > odd to users of cryptsetup when their passphrase works with truecrypt > but fail with cryptsetup Btw if anyone interested why there is 64 char limit - from Truecrypt 1.0 changelog: "* The maximum volume password length has been decreased from 100 to 64 characters. This was necessary to avoid the following: When a password longer than 64 characters was passed to HMAC-SHA-1, the whole password was first hashed using SHA-1 and the resultant 160-bit value was then used instead of the original password (which complies with HMAC-SHA-1 specification), thus the password length was in fact reduced." Milan ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough 2013-02-14 16:57 ` Milan Broz @ 2013-02-14 17:06 ` .. ink .. 2013-02-15 9:01 ` Milan Broz 0 siblings, 1 reply; 7+ messages in thread From: .. ink .. @ 2013-02-14 17:06 UTC (permalink / raw) To: Milan Broz; +Cc: dm-crypt [-- Attachment #1: Type: text/plain, Size: 457 bytes --] > which version? I tried it on some latest GUI and it did not allow me > i have truecrypt version 7.0a I created a 70 byte file,copied the characters and paste them in the truecrypt GUI volume when i created the volume and the volume was created successfully. I then tried to open the volume with the same copied key and truecrypt opened the volume successfully key i use is below ,eA.i5oX)m7AV7vl~7'~y?gs8/1)Q%^>oop#yG6WzBF@-HC[F;8ee;M99O"dB<r#rrrrrr [-- Attachment #2: Type: text/html, Size: 695 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough 2013-02-14 17:06 ` .. ink .. @ 2013-02-15 9:01 ` Milan Broz 2013-02-15 11:51 ` Arno Wagner 0 siblings, 1 reply; 7+ messages in thread From: Milan Broz @ 2013-02-15 9:01 UTC (permalink / raw) To: .. ink ..; +Cc: dm-crypt On 02/14/2013 06:06 PM, .. ink .. wrote: > > which version? I tried it on some latest GUI and it did not allow me > > > i have truecrypt version 7.0a > > I created a 70 byte file,copied the characters and paste them in the > truecrypt GUI volume when i created the volume and the volume was > created successfully. I think the GUI widget trimmed so you in fact entered just first 64 bytes. Check with "display password" option... And try commandline, at least I get Error: Password is longer than 64 characters. I really do not like encryption systems which quietly trims anything pretending longer password is correct. This is recipe for disaster. I changed return code for TCRYPT oversized passphrase to -EPERM (So it is handled like "bad passphrase", just early, this is way I prefer.) Thanks, Milan ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough 2013-02-15 9:01 ` Milan Broz @ 2013-02-15 11:51 ` Arno Wagner 0 siblings, 0 replies; 7+ messages in thread From: Arno Wagner @ 2013-02-15 11:51 UTC (permalink / raw) To: dm-crypt On Fri, Feb 15, 2013 at 10:01:05AM +0100, Milan Broz wrote: > On 02/14/2013 06:06 PM, .. ink .. wrote:> > > > I think the GUI widget trimmed so you in fact entered just first 64 > bytes. Check with "display password" option... > And try commandline, at least I get > Error: Password is longer than 64 characters. > > I really do not like encryption systems which quietly trims anything > pretending longer password is correct. This is recipe for disaster. I agree. Never, ever, ever quietly degrade a password. Or other input data for that matter. Any GUI doing things like this can only be regarded as fundamentally broken. Silent errors are unacceptable, except in the one case where verbose errors help an attacker. That is not the case here. Arno > I changed return code for TCRYPT oversized passphrase to -EPERM > (So it is handled like "bad passphrase", just early, this is way > I prefer.) > > Thanks, > Milan > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2013-02-15 11:51 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-02-14 11:44 [dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough .. ink .. 2013-02-14 13:43 ` Milan Broz 2013-02-14 16:39 ` .. ink .. 2013-02-14 16:57 ` Milan Broz 2013-02-14 17:06 ` .. ink .. 2013-02-15 9:01 ` Milan Broz 2013-02-15 11:51 ` Arno Wagner
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.