From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1Z9aTn-0006YR-Nx
	for mharc-grub-devel@gnu.org; Mon, 29 Jun 2015 10:56:15 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44181)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <grub@jelmail.com>) id 1Z9aTl-0006Xl-9p
	for grub-devel@gnu.org; Mon, 29 Jun 2015 10:56:14 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <grub@jelmail.com>) id 1Z9aTi-0001qj-1y
	for grub-devel@gnu.org; Mon, 29 Jun 2015 10:56:13 -0400
Received: from johnlane.plus.com ([212.159.104.145]:64496
	helo=sodium.amajohn.co.uk) by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <grub@jelmail.com>) id 1Z9aTh-0001qf-Rc
	for grub-devel@gnu.org; Mon, 29 Jun 2015 10:56:09 -0400
Received: by sodium.amajohn.co.uk (Postfix, from userid 1000)
	id 1290C4C; Mon, 29 Jun 2015 15:56:08 +0100 (BST)
Received: from [10.0.200.1] (hydrogen.amajohn.co.uk [10.0.200.1])
	by sodium.amajohn.co.uk (Postfix) with ESMTPSA id 9E4A829
	for <grub-devel@gnu.org>; Mon, 29 Jun 2015 15:56:08 +0100 (BST)
Message-ID: <55915C87.9060106@jelmail.com>
Date: Mon, 29 Jun 2015 15:56:07 +0100
From: John Lane <grub@jelmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: grub-devel@gnu.org
Subject: Re: [PATCH 3/5] cryptomount luks allow multiple passphrase attempts
References: <1435588260-29456-1-git-send-email-grub@jelmail.com>
	<1435588260-29456-4-git-send-email-grub@jelmail.com>
In-Reply-To: <1435588260-29456-4-git-send-email-grub@jelmail.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-Outbound-Checked: Yes
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 212.159.104.145
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2015 14:56:14 -0000

When opening a LUKS volume the user has 2 chances to supply a correct
passphrase.

if the first attempt fails then the passphrase prompt appears again.
if keyfile given then the first attempt is the uses that instead of
prompting; failure will then prompt the user for a passphrase.

This does not apply to plain mode because there is no way to know that a
key is incorrect in plain mode. Whatever key or passphrase is given will
succeed (but the unlocked data may appear as garbage, of course.).
That's inherent in the implementation of plain mode.