DM-Crypt Archive on lore.kernel.org
From: Quentin Lefebvre <qlefebvre_pro@yahoo.com>
To: Milan Broz <gmazyland@gmail.com>, dm-crypt@saout.de
Subject: Re: [dm-crypt] Empty key files vs empty passwords in plain mode
Date: Sun, 23 Nov 2014 16:29:28 +0100
Message-ID: <5471FD58.8000100@yahoo.com>
In-Reply-To: <5471F5DA.6090208@gmail.com>

On 23/11/2014 15:57, Milan Broz wrote:
> On 11/23/2014 03:01 PM, Quentin Lefebvre wrote:
> ...
>>> Well, logically it should be the same. But reading empty keyfile never worked AFAIK
>>
>> Right, and this is just because of a test that returns an error code in
>> case the key file is empty.
>>
>>> and IMHO the case that you encrypt device by empty keyfile by mistake
>>> is more common...
>>
>> I agree and I think there should be at least a warning.
>
> Maybe for luksFormat but not for plain case. Otherwise everyone with access
> to logs or screen scroll up will see that password is empty.
>
> I have a generic rule that cryptsetup output (even debug log) must not
> contain usable information about your password or key.

OK, this makes sense.

>>> I am tempted to say it is a safety feature rather than a bug :-)
>>>
>>> Anyway, please create issue on project page, https://code.google.com/p/cryptsetup/issues/list
>>> If you have a patch, attach it there as well.
>>
>> Sure, I'll do that. But which tool is preferred to write a patch for
>> cryptsetup?
>
> Whatever is applicable. The best is one created the "git format-patch" way
> so I can simply apply it to git if it is correct.
>
> There is also repository mirror on github so pull request there will work as well.
> (I will just not use github directly because it is not primary repo.)

Thanks for the advice.

At this point, I think I'll try to write a patch that accepts an empty 
key file, except in the case where --force-password is set (actually I 
didn't know this parameter).

Best,
Quentin
