From: Milan Broz <gmazyland@gmail.com>
To: "shmick@riseup.net" <shmick@riseup.net>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] 1.6.2 - waiting for zero, luksFormat hung
Date: Fri, 22 Nov 2013 14:11:08 +0100 [thread overview]
Message-ID: <528F57EC.1000409@gmail.com> (raw)
In-Reply-To: <528F465D.3090103@riseup.net>
On 11/22/2013 12:56 PM, shmick@riseup.net wrote:
>
>
> Milan Broz:
>> On 11/22/2013 09:38 AM, shmick@riseup.net wrote:
>>
>>>
>>> why does luksFormat succeed using a simple short password and fail with
>>> a more complex, longer one ?
>>>
>>> this occurs in parted magic boot cd from 28-02-2013
>>
>> It seems that there is no free download. Sorry, cannot even try it. Ask them.
>
> yes i believe the author of that went through some troubles a while back
> - i was not aware you could not download any version anymore
>
>>
>> It works with upstream build, in fact, maximal interactive password length
>> can be seen in cryptsetup --help:
>
> mind if i ask which distro you were able to successfully luksFormat to
> in cryptsetup 1.6.2 issuing:
Fedora, RHEL, CentOS, Debian, Gentoo, ...
If you run just configure without switches, you should get working output.
(Obviously you need all library dependences configured.)
Maybe you can try to compile it with --disable-udev but this can add way
of more problems than you already have.
But as I said, you do not need to compile it yourself, use distro version.
Sorry, this is not upstream issue, maybe someone on list using the same distro
can help better.
> cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64
> --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0
FYI this is how it should work (password is >100 chars),
this is on Fedora 19 with system installed cryptsetup (1.6.2) for example.
[root@localhost ~]# cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64 --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0
# cryptsetup 1.6.2 processing "cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64 --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
WARNING!
========
This will overwrite data on /dev/md0 irrevocably.
Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/md0 context.
# Trying to open and read device /dev/md0.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Iteration time set to 2000 miliseconds.
# RNG set to 1 (random).
# Interactive passphrase entry requested.
Enter passphrase:
Verify passphrase:
# Checking new password using default pwquality settings.
# New password libpwquality score is 100.
# Formatting device /dev/md0 as type LUKS1.
# Crypto backend (gcrypt 1.5.3) initialized.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Generating LUKS header version 1 using hash sha512, twofish, xts-plain64, MK 32 bytes
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 137248 iterations per second.
# Data offset 4096, UUID 412085a1-3abe-4f36-8826-7711c8ce6c28, digest iterations 33500
# Updating LUKS header of size 1024 on device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Adding new keyslot -1 using volume key.
# Calculating data for key slot 0
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 131863 iterations per second.
# Key slot 0 use 128771 password iterations.
# Using hash sha512 for AF in key slot 0, 4000 stripes
# Updating key slot 0 [0x1000] area.
# Calculated device size is 250 sectors (RW), offset 8.
# Detected kernel Linux 3.11.8-200.fc19.x86_64 x86_64.
# dm version OF [16384] (*1)
# dm versions OF [16384] (*1)
# Detected dm-crypt version 1.12.1, dm-ioctl version 4.25.0.
# Device-mapper backend running with UDEV support enabled.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-1216
# Udev cookie 0xd4d78b0 (semid 229376) created
# Udev cookie 0xd4d78b0 (semid 229376) incremented to 1
# Udev cookie 0xd4d78b0 (semid 229376) incremented to 2
# Udev cookie 0xd4d78b0 (semid 229376) assigned to CREATE task(0) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES (0xe)
# dm create temporary-cryptsetup-1216 CRYPT-TEMP-temporary-cryptsetup-1216 OF [16384] (*1)
# dm reload temporary-cryptsetup-1216 OFW [16384] (*1)
# dm resume temporary-cryptsetup-1216 OFW [16384] (*1)
# temporary-cryptsetup-1216: Stacking NODE_ADD (253,2) 0:6 0660 [verify_udev]
# temporary-cryptsetup-1216: Stacking NODE_READ_AHEAD 256 (flags=1)
# Udev cookie 0xd4d78b0 (semid 229376) decremented to 1
# Udev cookie 0xd4d78b0 (semid 229376) waiting for zero
# Udev cookie 0xd4d78b0 (semid 229376) destroyed
# temporary-cryptsetup-1216: Processing NODE_ADD (253,2) 0:6 0660 [verify_udev]
# temporary-cryptsetup-1216: Processing NODE_READ_AHEAD 256 (flags=1)
# temporary-cryptsetup-1216 (253:2): read ahead is 256
# temporary-cryptsetup-1216 (253:2): Setting read ahead to 256
# Udev cookie 0xd4de367 (semid 262144) created
# Udev cookie 0xd4de367 (semid 262144) incremented to 1
# Udev cookie 0xd4de367 (semid 262144) incremented to 2
# Udev cookie 0xd4de367 (semid 262144) assigned to REMOVE task(2) with flags (0x0)
# dm remove temporary-cryptsetup-1216 OFT [16384] (*1)
# temporary-cryptsetup-1216: Stacking NODE_DEL [verify_udev]
# Udev cookie 0xd4de367 (semid 262144) decremented to 1
# Udev cookie 0xd4de367 (semid 262144) waiting for zero
# Udev cookie 0xd4de367 (semid 262144) destroyed
# temporary-cryptsetup-1216: Processing NODE_DEL [verify_udev]
# Key slot 0 was enabled in LUKS header.
# Updating LUKS header of size 1024 on device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Releasing crypt device /dev/md0 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
[root@localhost ~]# cryptsetup luksOpen /dev/md0 test
Enter passphrase for /dev/md0:
[root@localhost ~]# cryptsetup status test
/dev/mapper/test is active.
type: LUKS1
cipher: twofish-xts-plain64
keysize: 256 bits
device: /dev/md0
offset: 4096 sectors
size: 36736 sectors
mode: read/write
Milan
prev parent reply other threads:[~2013-11-22 13:11 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-20 16:44 [dm-crypt] 1.6.2 - waiting for zero, luksFormat hung shmick
2013-11-20 19:05 ` Milan Broz
2013-11-21 14:55 ` shmick
2013-11-21 18:58 ` Milan Broz
2013-11-22 7:40 ` shmick
2013-11-22 8:13 ` Milan Broz
2013-11-22 8:38 ` shmick
2013-11-22 9:17 ` Milan Broz
2013-11-22 11:56 ` shmick
2013-11-22 13:11 ` Milan Broz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=528F57EC.1000409@gmail.com \
--to=gmazyland@gmail.com \
--cc=dm-crypt@saout.de \
--cc=shmick@riseup.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.