Closed GoogleCodeExporter closed 9 years ago
Yes, because interactive password query checks if it is run on terminal and if
so, it reads only until it detects EOL (\n).
But for multi-key loopaes need 64 lines of key (which also exceeds default
buffer length for interactive passqord query).
If you use pipe, (echo <pwd> | cryptsetup ...), then it detects that input is
not terminal and uses standard file descriptor read.
Actually I am not sure if this is worth to fix it just for the loopes (the
primary key input is keyfile there)...
Original comment by gmazyl...@gmail.com
on 15 Jan 2015 at 1:47
Sounds reasonable. Well, if this isn't worth fixing, maybe it should be
mentioned in manpage that loop-AES would not accept interactive password.
Original comment by aelmahmo...@sabily.org
on 15 Jan 2015 at 2:22
It will accept interactive password but only for single key device.
Actually I tried to end the entry by using EOF (ctrl+d) but it is completely
user unfriendly and different from other interactive inputs.
So I will update man page mentioning this limitation instead.
Original comment by gmazyl...@gmail.com
on 15 Jan 2015 at 2:41
Ah, sorry that was test code, it doesn't accept even single key in current code.
And I think the safest way is to disable it if running directly from TTY
because if it accepts single key, someone could paste by mistake a keyfile with
64 keys and itcould incorrectly activate device using only the first key...
I think that workaround using echo is reasonable here if used in scripts.
Original comment by gmazyl...@gmail.com
on 15 Jan 2015 at 2:46
Added note to man page
https://code.google.com/p/cryptsetup/source/detail?r=c13a8003faefb234ccbc342e06a
dc48004412025
I hope it is enough for now.
Thanks.
Original comment by gmazyl...@gmail.com
on 15 Jan 2015 at 3:07
Original issue reported on code.google.com by
aelmahmo...@sabily.org
on 9 Jan 2015 at 5:41