mhogomchungu / zuluCrypt

zuluCrypt is a front end to cryptsetup and tcplay and it allows easy management of encrypted block devices
https://mhogomchungu.github.io/zuluCrypt
504 stars, 60 forks

Remove limit for passphrase length #113

Closed HulaHoopWhonix closed 5 years ago

HulaHoopWhonix commented 5 years ago

Hi. I'm running zuluCrypt on Debian Buster. I noticed zuluCrypt enforces a max passphrase length silently. It is recommended by the EFF to use diceware to generate easy to remember and strong passwords. For PQ security we recommend our users use a 20 word phrase for 128 bit entropy if quantum computers become a reality. I noticed that whenever I try adding such a passphrase and try to reopen the volume, it fails. It seems zuluCrypt truncates the original passphrase silently without alerting users.

There is no need to set arbitrary limits on password length. The longer the better.

mhogomchungu commented 5 years ago

What backend are you using?

TrueCrypt and VeraCrypt volumes have a policy of a 64 character password limit. I am certain TrueCrypt GUI silently drops all extra characters since the GUI is no longer developed and it behaved this way last time I tried it. Not sure about VeraCrypt now but it worked the same last time I tested it.

HulaHoopWhonix commented 5 years ago

> What backend are you using?

LUKS1

mhogomchungu commented 5 years ago

zuluCrypt has an 8MB password limit and, from memory, I got this limit from cryptsetup.

zuluCrypt has a 1MB limit for keyfile size and I got this limit from TrueCrypt.

Are you using a password or a keyfile?

How many characters are in your key?

HulaHoopWhonix commented 5 years ago

I'm using a password or "key" as it is called.

> How many characters are in your key?

Approx. 150. Each diceware word is roughly 7 characters long.

mhogomchungu commented 5 years ago

Your key is too short and it should work as expected with LUKS based volumes.

Are you sure the problem is key truncation by zuluCrypt?

What version of zuluCrypt are you using and from what distribution?

HulaHoopWhonix commented 5 years ago

> Are you sure the problem is key truncation by zuluCrypt?

What else could it be in your opinion?


5.4.0-3 from Debian Buster

https://packages.debian.org/buster/zulucrypt-gui

HulaHoopWhonix commented 5 years ago

OK played around with it some more and it seems the password length limit is set to 100 characters. Anything more than that is silently discarded.

mhogomchungu commented 5 years ago

You are correct and this seems to be a bug in Qt, since the default value is set to 100 instead of the documented value of 32767 [1].

The bug should be gone in the git version since I am now explicitly setting the max value of 32767.

[1] https://doc.qt.io/qt-5/qlineedit.html#maxLength-prop
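The practical damage of a text field that silently cuts input off is that the volume ends up protected by a shorter passphrase than the user believes, and the entropy estimate the user relied on no longer holds. The following is an added example, not code from zuluCrypt or Qt: it models an input field with a maximum length (a stand-in for the QLineEdit behaviour discussed above), truncates a constructed 20-word diceware-style passphrase at the 100-character limit the reporter measured, and computes how much entropy survives. It assumes the standard 7776-word diceware list (log2(7776) ≈ 12.9 bits per word), a constructed word list of 7-character words, and Grover's algorithm halving the effective bit-security of a brute-force search, which is the usual post-quantum adjustment. The `passphrase_fits` check is the kind of loud failure a front end should perform instead of dropping characters.

```python
import math

# Standard diceware: each word is drawn uniformly from a 6^5 = 7776-word list.
DICEWARE_LIST_SIZE = 7776
BITS_PER_WORD = math.log2(DICEWARE_LIST_SIZE)

# Limits discussed in the thread: the documented QLineEdit default and the
# value the reporter observed in practice.
QT_DOCUMENTED_MAX_LENGTH = 32767
OBSERVED_GUI_LIMIT = 100

# Constructed sample passphrase: 20 words of 7 characters each, as in the
# report (about 150 characters). These are placeholders, not real diceware words.
SAMPLE_PASSPHRASE = " ".join(f"word{i:03d}" for i in range(20))


def truncate_like_line_edit(text: str, max_length: int) -> str:
    """Model a text field that silently drops everything beyond max_length."""
    return text[:max_length]


def passphrase_fits(passphrase: str, max_length: int) -> bool:
    """The check a front end should make: refuse, rather than trim, over-long input."""
    return len(passphrase) <= max_length


def whole_words_retained(original: str, truncated: str) -> int:
    """Count words of the original that survive intact, in order, in the truncated text.

    A word cut in the middle does not count; only fully retained words are
    credited with their full entropy.
    """
    count = 0
    position = 0
    for word in original.split(" "):
        end = position + len(word)
        if end <= len(truncated) and truncated[position:end] == word:
            count += 1
            position = end + 1  # skip the separating space
        else:
            break
    return count


def diceware_entropy_bits(word_count: int) -> float:
    """Entropy of a uniformly chosen diceware phrase with word_count words."""
    return word_count * BITS_PER_WORD


def quantum_adjusted_bits(classical_bits: float) -> float:
    """Effective security against a Grover-accelerated search (square-root speedup)."""
    return classical_bits / 2


def analyse(passphrase: str, max_length: int) -> dict:
    """Summarise what a silently truncating field does to a passphrase."""
    truncated = truncate_like_line_edit(passphrase, max_length)
    intended_words = len(passphrase.split(" "))
    kept_words = whole_words_retained(passphrase, truncated)
    return {
        "fits": passphrase_fits(passphrase, max_length),
        "entered_length": len(passphrase),
        "stored_length": len(truncated),
        "intended_words": intended_words,
        "whole_words_kept": kept_words,
        "intended_bits": diceware_entropy_bits(intended_words),
        "effective_bits": diceware_entropy_bits(kept_words),
        "effective_pq_bits": quantum_adjusted_bits(diceware_entropy_bits(kept_words)),
    }


if __name__ == "__main__":
    for limit in (OBSERVED_GUI_LIMIT, QT_DOCUMENTED_MAX_LENGTH):
        report = analyse(SAMPLE_PASSPHRASE, limit)
        print(f"max_length={limit}:")
        for key, value in report.items():
            print(f"  {key}: {value:.1f}" if isinstance(value, float) else f"  {key}: {value}")
```

With the 100-character limit the sample loses 8 of its 20 words, dropping from roughly 258 classical bits (about 129 bits under the Grover adjustment) to about 155 bits (about 78 bits post-quantum), which is exactly the margin the reporter was trying to preserve; with the documented 32767 limit nothing is lost.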

mhogomchungu commented 5 years ago

I am closing this one since the reported issue is now gone in the git version.

If all goes according to plan, the next version of zuluCrypt will be released on the first of next month.

HulaHoopWhonix commented 5 years ago

Thanks. Reported downstream for patch uplifting:

https://bugs.debian.org/927402