eternaltyro / cryptsetup

Since Google code is shuttering...
http://code.google.com/p/cryptsetup
GNU General Public License v2.0

Fails to open loop-AES if password is given at the prompt #242

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
If I run: cryptsetup loopaesOpen <device> <name> --key-file=-
then enter the password at the prompt, I get this error:

Incompatible loop-AES keyfile detected.

Yet, if I run: echo <password> | cryptsetup loopaesOpen <device> <name> --key-file=-

the loop filesystem opens successfully.

Original issue reported on code.google.com by aelmahmo...@sabily.org on 9 Jan 2015 at 5:41

GoogleCodeExporter commented 9 years ago
Yes, because the interactive password query checks if it is run on a terminal and if 
so, it reads only until it detects EOL (\n).

But multi-key loopaes needs 64 lines of key (which also exceeds the default 
buffer length for the interactive password query).

If you use a pipe (echo <pwd> | cryptsetup ...), then it detects that the input is 
not a terminal and uses a standard file descriptor read.

Actually I am not sure if this is worth fixing just for loopaes (the 
primary key input is a keyfile there)...

Original comment by gmazyl...@gmail.com on 15 Jan 2015 at 1:47
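
The terminal-versus-pipe behaviour described in the comment above, as an added C example (not cryptsetup's code and not part of the original thread): a reader that stops at the first EOL when the input is treated as a terminal and reads to EOF otherwise, run over a constructed 64-line keyfile. The function names, the `force_tty` parameter and the key text are assumptions made for the illustration.

```c
#include <stdio.h>
#include <unistd.h>
#define MULTI_KEY_LINES 64 /* key lines in a multi-key keyfile, per the thread */

/* Read key material from fd: stop at the first '\n' on a terminal (or when the
 * hypothetical force_tty is set), else read to EOF. Returns bytes, -1 on error. */
static long read_key(int fd, char *buf, size_t cap, int force_tty)
{
    size_t len = 0;
    ssize_t r;
    char c;
    int stop_at_eol = force_tty || isatty(fd);
    while ((r = read(fd, &c, 1)) == 1) {
        if (len == cap)
            return -1; /* input larger than the buffer */
        buf[len++] = c;
        if (stop_at_eol && c == '\n')
            break;
    }
    return r < 0 ? -1 : (long)len;
}

/* Count newline-terminated key lines in buf[0..len). */
static int count_key_lines(const char *buf, long len)
{
    int lines = 0;
    for (long i = 0; i < len; i++)
        lines += buf[i] == '\n';
    return lines;
}

/* Feed a constructed 64-line keyfile through a pipe; return key lines seen. */
static int demo_lines_seen(int force_tty)
{
    int p[2];
    char buf[4096];
    if (pipe(p) != 0)
        return -1;
    for (int i = 0; i < MULTI_KEY_LINES; i++)
        if (write(p[1], "constructed-key\n", 16) != 16)
            return -1;
    close(p[1]);
    long n = read_key(p[0], buf, sizeof buf, force_tty);
    close(p[0]);
    return n < 0 ? -1 : count_key_lines(buf, n);
}

int main(void)
{
    printf("prompt: %d line(s), pipe: %d line(s)\n", demo_lines_seen(1), demo_lines_seen(0));
    return 0;
}
```

With the prompt-style read only the first of the 64 lines reaches the caller, so a check on the number of key lines is what separates a multi-key keyfile from a truncated one.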

GoogleCodeExporter commented 9 years ago
Sounds reasonable. Well, if this isn't worth fixing, maybe it should be 
mentioned in the manpage that loop-AES would not accept an interactive password.

Original comment by aelmahmo...@sabily.org on 15 Jan 2015 at 2:22

GoogleCodeExporter commented 9 years ago
It will accept an interactive password, but only for a single-key device.

Actually I tried to end the entry by using EOF (ctrl+d) but it is completely 
user unfriendly and different from other interactive inputs.

So I will update the man page mentioning this limitation instead.

Original comment by gmazyl...@gmail.com on 15 Jan 2015 at 2:41

GoogleCodeExporter commented 9 years ago
Ah, sorry, that was test code; it doesn't accept even a single key in the current code.

And I think the safest way is to disable it if running directly from a TTY 
because if it accepts a single key, someone could paste by mistake a keyfile with 
64 keys and it could incorrectly activate the device using only the first key...

I think that workaround using echo is reasonable here if used in scripts.

Original comment by gmazyl...@gmail.com on 15 Jan 2015 at 2:46

GoogleCodeExporter commented 9 years ago
Added note to man page
https://code.google.com/p/cryptsetup/source/detail?r=c13a8003faefb234ccbc342e06adc48004412025

I hope it is enough for now.

Thanks.

Original comment by gmazyl...@gmail.com on 15 Jan 2015 at 3:07