From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qlefebvre_pro@yahoo.com>
Received: from nm24-vm1.bullet.mail.ir2.yahoo.com
 (nm24-vm1.bullet.mail.ir2.yahoo.com [212.82.97.25])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Sun, 23 Nov 2014 15:01:59 +0100 (CET)
Message-ID: <5471E8D6.4020806@yahoo.com>
Date: Sun, 23 Nov 2014 15:01:58 +0100
From: Quentin Lefebvre <qlefebvre_pro@yahoo.com>
MIME-Version: 1.0
References: <546D0A9D.6080209@yahoo.com> <5471D6C7.7060405@yahoo.com>
 <5471DE14.50405@gmail.com>
In-Reply-To: <5471DE14.50405@gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Empty key files vs empty passwords in plain mode
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 23/11/2014 14:16, Milan Broz wrote :
> On 11/23/2014 01:44 PM, Quentin Lefebvre wrote:
>
>>> I experienced some troubles recently with Debian's cryptsetup package
>>> (testing version), which version is 1.6.6.
>>> I found out that empty key files get refused by cryptsetup, for example:
>>> cat empty_file | cryptsetup --debug --key-file=- open --type plain
>>> /test1.loop test1
>>> gets rejected.
>>> The debug output directly leads to a test in utils_crypt.c that, I
>>> think, should be removed.
>>>
>>> Indeed, empty passwords are accepted, so it make sense to accept also
>>> empty inputs.
>>> Especially in Debian, where cryptdisks_start script calls:
>>> /lib/cryptsetup/askpass | cryptsetup --key-file=- open --type [type]
>>> [src] [dst]
>>>
>>> What do you think about this issue?
>>> Shall I send a patch for that?
>
> Well, logically it should be the same. But reading empty keyfile never worked AFAIK

Right, and this is just because of a test that returns an error code in 
case the key file is empty.

> and IMHO the case that you encrypt device by empty keyfile by mistake
> is more common...

I agree and I think there should be at least a warning.

> I am tempting to say it is a safety feature than bug :-)
>
> Anyway, please create issue on project page, https://code.google.com/p/cryptsetup/issues/list
> If you have a patch, attach it there as well.

Sure, I'll do that. But which tool is preferred to write a patch for 
cryptsetup?

> I will get to it but this is not really urgent issue to solve.

In my opinion, the problem is, for example, when a user enters a blank 
password (not secured, sure) and then reboot and can't mount his file 
system because of a script piped to cryptsetup.

> BTW I would better suggest that Debian uses pwquality library with some sane
> defaults and will not allow users to enter so weak passwords in the first place...
>
> (There is always --force-password switch so your issue is still kind of problem
> for testing though.)

OK.
Thanks for this answer.

Cheers,
Quentin