[dm-crypt] Secret data from stdin

Arno Wagner arno at wagner.name
Thu Aug 16 00:38:10 CEST 2012


On Wed, Aug 15, 2012 at 10:12:27AM -0500, Kent Yoder wrote:
> Hi Arno,
> 
> >>
> >> This appears to work (no message printed, exit status 0).
> >>
> >> What might not be obvious is that if binary_secret contains a '\n'
> >> character, input gets truncated at this point.
> >
> > This is documented in the man-page of the current release under
> > "NOTES ON PASSPHRASE PROCESSING FOR LUKS".
> 
>   You were right - I was looking at an old git version. The new
> version is clearer IMO.

Ok.
 
> >> This should probably be clearer in the man page at a
> >> minimum (see patch), but I think a warning is appropriate too.
> >> Secret processing that stops at \n isn't appropriate for binary
> >> data.
> >
> > And that is the thing here. A passphrase is _not_ binary data!
> > Doing
> >
> >    "cat binary_secret | cryptsetup luksFormat /dev/loop0"
> >
> > is inherently wrong. What you need to do is
> >
> >   "cat file_with_passphrase_that_could_also_be_entered_interactively
> >   | cryptsetup luksFormat /dev/loop0"
> 
>   I agree - just seeing a script that did the first one made me wonder
> if it even worked.

Well, people have to read the documentation if they want it
to work right. It is really not that much for cryptsetup,
just the man-page plus the FAQ. It is not like it has a 500 page
documentation. If people ignore the documentation, they basically
get what they deserve. This problem is worse with crypto, as
lots of problems are non-visible (it works but is insecure), 
but anybody working with crypto needs to understand that.
Those that do not _will_ make fatal mistalkes, no matter 
how much warning is given. Crypto is not a beginners game.

> > As to your patch, I am unable to match your patch to the
> > current version of the man-page. Did you do a "git pull"
> > before? May also be a problem on my side, please verify:
> >
> >> md5sum cryptsetup.8
> > 4fd70bbd1018f95818902144499c2234  cryptsetup.8
> 
>   Yep, I am out of date here.  What do you think about a code change
> that woudl print a big fat warning if non-ascii bytes are detected on
> stdin?  Not changing the behavior (we don't want to break people who
> might be already doing this), but just a warning.

See my reply to Milan.

Arno
-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


More information about the dm-crypt mailing list