search

eternaltyro / cryptsetup

Since Google code is shuttering...
http://code.google.com/p/cryptsetup
GNU General Public License v2.0
0 stars 0 forks source link

some improvements to the manpage #164

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Hi.

1) The introductory lines in the NAME
as well as the DESCRIPTION sections only mention plain dm-crypt/LUKS... and 
forget about the loopaes/truecrypt support

2)create: open --type plain <device> <name> switched arguments)
              plainOpen: open --type plain
              luksOpen: open --type luks
              loopaesOpen: open --type loopaes
              tcryptOpen: open --type tcrypt
=> I think a "(" is missing at... and should <device> <name> be repeated in 
each line?

3) In PLAIN MODE
"When the raw device is mapped (created)"
Shouldn't that also read "(opened)" now, for consistency?
Maybe the same in "Creates a mapping with <name> backed by device <device>."

4) order of <device> <name>
In BASIC COMMANDS it says:
"open <name> <device>"
but in LUKS EXTENSION:
"open --type luks <device> <name>"

5) documentation of luksFormat
"<options>  can  be" misses
"--hash", "--header" and "--iter-time"

6) --verify-passphrase
It should read
"Ignore_d_ on input from file or stdin."
instead of
"Ignores on input from file or stdin."

7) --master-key-file
Not sure about this, but I vaguely remember that you've once mentioned it was 
not suggested for security reasons to create one's own master key (e.g. out of 
/dev/random)... is this true? If so... perhaps we should add a warning about 
just this there.

8) documentation of luksAddKey
"<options>  can  be" misses "--iter-time"

9) --force-password seems to miss in all of:
luksFormat, luksAddKey and luksChangeKey

10) in NOTES ON PASSPHRASE PROCESSING FOR PLAIN MODE
"The has result"
Should read "hash"

11) NOTES ON PASSPHRASE PROCESSING FOR LUKS
"The only exception is a low-entropy passphrase used on a slow device."
=> isn't the device speed irrelevant for security as an attacker can always 
just copy everything to fast devices...?

Cheers,
Chris.

Original issue reported on code.google.com by calestyo@gmail.com on 28 Jun 2013 at 10:56

GoogleCodeExporter commented 9 years ago 
Thanks! All fixed, except 11). Added explanation to 11) that a slow CPU leads 
to a low iteration count and that for this case, it may be advisable to use 
--iter-time to increase the iteration count.

Original comment by wagner.a...@gmail.com on 3 Jul 2013 at 11:06

GoogleCodeExporter commented 9 years ago 
Hi Arno.

I cross checked your commit,... seems to be all right, just the following 
comments:

1) Was it on purpose that you didn't mention TC/loopaes in the NAME section?
I'd be fine with that, cause the main reason for cryptsetup is surely 
plain/LUKS... just ask in case you missed it by accident.

2) It may make sense to put the sentence you've added ("or \fBcreate\fR, the 
order of the <name> and <device> options is inverted for historical reasons, 
all other aliases use the standard \fB<device> <name>\fR order.") directly 
below the line for the create option,... since it relates directly to it...
But I have really absolutely no strong opinion about that.

7) Wouldn't it make sense then to tell people how to securely create a master 
key? Possibly also by referencing to the FAQ?

Thanks,
Chris :)

Original comment by calestyo@gmail.com on 3 Jul 2013 at 11:29