From: Quentin Lefebvre <qlefebvre_pro@yahoo.com>
To: Milan Broz <gmazyland@gmail.com>, dm-crypt@saout.de
Subject: Re: [dm-crypt] Empty key files vs empty passwords in plain mode
Date: Sun, 23 Nov 2014 16:29:28 +0100
Message-ID: <5471FD58.8000100@yahoo.com>
In-Reply-To: <5471F5DA.6090208@gmail.com>

On 23/11/2014 15:57, Milan Broz wrote:
> On 11/23/2014 03:01 PM, Quentin Lefebvre wrote:
> ...
>>> Well, logically it should be the same. But reading an empty keyfile never worked AFAIK
>>
>> Right, and this is just because of a test that returns an error code in
>> case the key file is empty.
>>
>>> and IMHO the case where you encrypt a device with an empty keyfile by mistake
>>> is more common...
>>
>> I agree and I think there should be at least a warning.
>
> Maybe for luksFormat but not for the plain case. Otherwise everyone with access
> to logs or screen scroll up will see that the password is empty.
>
> I have a generic rule that cryptsetup output (even debug log) must not
> contain usable information about your password or key.

OK, this makes sense.

>>> I am tempted to say it is a safety feature rather than a bug :-)
>>>
>>> Anyway, please create an issue on the project page, https://code.google.com/p/cryptsetup/issues/list
>>> If you have a patch, attach it there as well.
>>
>> Sure, I'll do that. But which tool is preferred to write a patch for
>> cryptsetup?
>
> Whatever is applicable. The best is one created the "git format-patch" way
> so I can simply apply it to git if it is correct.
>
> There is also a repository mirror on github so a pull request there will work as well.
> (I will just not use github directly because it is not the primary repo.)

Thanks for the advice.

At this point, I think I'll try to write a patch that accepts an empty 
key file, except in the case where --force-password is set (actually I 
didn't know this parameter).

Best,
Quentin
