From: Milan Broz <gmazyland@gmail.com>
To: "shmick@riseup.net" <shmick@riseup.net>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] 1.6.2 - waiting for zero, luksFormat hung
Date: Fri, 22 Nov 2013 14:11:08 +0100 [thread overview]
Message-ID: <528F57EC.1000409@gmail.com> (raw)
In-Reply-To: <528F465D.3090103@riseup.net>
On 11/22/2013 12:56 PM, shmick@riseup.net wrote:
>
>
> Milan Broz:
>> On 11/22/2013 09:38 AM, shmick@riseup.net wrote:
>>
>>>
>>> why does luksFormat succeed using a simple short password and fail with
>>> a more complex, longer one ?
>>>
>>> this occurs in parted magic boot cd from 28-02-2013
>>
>> It seems that there is no free download. Sorry, cannot even try it. Ask them.
>
> yes i believe the author of that went through some troubles a while back
> - i was not aware you could not download any version anymore
>
>>
>> It works with upstream build, in fact, maximal interactive password length
>> can be seen in cryptsetup --help:
>
> mind if i ask which distro you were able to successfully luksFormat to
> in cryptsetup 1.6.2 issuing:
Fedora, RHEL, CentOS, Debian, Gentoo, ...
If you run just configure without switches, you should get working output.
(Obviously you need all library dependences configured.)
Maybe you can try to compile it with --disable-udev but this can add way
of more problems than you already have.
But as I said, you do not need to compile it yourself, use distro version.
Sorry, this is not upstream issue, maybe someone on list using the same distro
can help better.
> cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64
> --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0
FYI this is how it should work (password is >100 chars),
this is on Fedora 19 with system installed cryptsetup (1.6.2) for example.
[root@localhost ~]# cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64 --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0
# cryptsetup 1.6.2 processing "cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64 --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
WARNING!
========
This will overwrite data on /dev/md0 irrevocably.
Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/md0 context.
# Trying to open and read device /dev/md0.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Iteration time set to 2000 miliseconds.
# RNG set to 1 (random).
# Interactive passphrase entry requested.
Enter passphrase:
Verify passphrase:
# Checking new password using default pwquality settings.
# New password libpwquality score is 100.
# Formatting device /dev/md0 as type LUKS1.
# Crypto backend (gcrypt 1.5.3) initialized.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Generating LUKS header version 1 using hash sha512, twofish, xts-plain64, MK 32 bytes
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 137248 iterations per second.
# Data offset 4096, UUID 412085a1-3abe-4f36-8826-7711c8ce6c28, digest iterations 33500
# Updating LUKS header of size 1024 on device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Adding new keyslot -1 using volume key.
# Calculating data for key slot 0
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 131863 iterations per second.
# Key slot 0 use 128771 password iterations.
# Using hash sha512 for AF in key slot 0, 4000 stripes
# Updating key slot 0 [0x1000] area.
# Calculated device size is 250 sectors (RW), offset 8.
# Detected kernel Linux 3.11.8-200.fc19.x86_64 x86_64.
# dm version OF [16384] (*1)
# dm versions OF [16384] (*1)
# Detected dm-crypt version 1.12.1, dm-ioctl version 4.25.0.
# Device-mapper backend running with UDEV support enabled.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-1216
# Udev cookie 0xd4d78b0 (semid 229376) created
# Udev cookie 0xd4d78b0 (semid 229376) incremented to 1
# Udev cookie 0xd4d78b0 (semid 229376) incremented to 2
# Udev cookie 0xd4d78b0 (semid 229376) assigned to CREATE task(0) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES (0xe)
# dm create temporary-cryptsetup-1216 CRYPT-TEMP-temporary-cryptsetup-1216 OF [16384] (*1)
# dm reload temporary-cryptsetup-1216 OFW [16384] (*1)
# dm resume temporary-cryptsetup-1216 OFW [16384] (*1)
# temporary-cryptsetup-1216: Stacking NODE_ADD (253,2) 0:6 0660 [verify_udev]
# temporary-cryptsetup-1216: Stacking NODE_READ_AHEAD 256 (flags=1)
# Udev cookie 0xd4d78b0 (semid 229376) decremented to 1
# Udev cookie 0xd4d78b0 (semid 229376) waiting for zero
# Udev cookie 0xd4d78b0 (semid 229376) destroyed
# temporary-cryptsetup-1216: Processing NODE_ADD (253,2) 0:6 0660 [verify_udev]
# temporary-cryptsetup-1216: Processing NODE_READ_AHEAD 256 (flags=1)
# temporary-cryptsetup-1216 (253:2): read ahead is 256
# temporary-cryptsetup-1216 (253:2): Setting read ahead to 256
# Udev cookie 0xd4de367 (semid 262144) created
# Udev cookie 0xd4de367 (semid 262144) incremented to 1
# Udev cookie 0xd4de367 (semid 262144) incremented to 2
# Udev cookie 0xd4de367 (semid 262144) assigned to REMOVE task(2) with flags (0x0)
# dm remove temporary-cryptsetup-1216 OFT [16384] (*1)
# temporary-cryptsetup-1216: Stacking NODE_DEL [verify_udev]
# Udev cookie 0xd4de367 (semid 262144) decremented to 1
# Udev cookie 0xd4de367 (semid 262144) waiting for zero
# Udev cookie 0xd4de367 (semid 262144) destroyed
# temporary-cryptsetup-1216: Processing NODE_DEL [verify_udev]
# Key slot 0 was enabled in LUKS header.
# Updating LUKS header of size 1024 on device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Releasing crypt device /dev/md0 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
[root@localhost ~]# cryptsetup luksOpen /dev/md0 test
Enter passphrase for /dev/md0:
[root@localhost ~]# cryptsetup status test
/dev/mapper/test is active.
type: LUKS1
cipher: twofish-xts-plain64
keysize: 256 bits
device: /dev/md0
offset: 4096 sectors
size: 36736 sectors
mode: read/write
Milan
prev parent reply other threads:[~2013-11-22 13:11 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-20 16:44 [dm-crypt] 1.6.2 - waiting for zero, luksFormat hung shmick
2013-11-20 19:05 ` Milan Broz
2013-11-21 14:55 ` shmick
2013-11-21 18:58 ` Milan Broz
2013-11-22 7:40 ` shmick
2013-11-22 8:13 ` Milan Broz
2013-11-22 8:38 ` shmick
2013-11-22 9:17 ` Milan Broz
2013-11-22 11:56 ` shmick
2013-11-22 13:11 ` Milan Broz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=528F57EC.1000409@gmail.com \
--to=gmazyland@gmail.com \
--cc=dm-crypt@saout.de \
--cc=shmick@riseup.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox