[dm-crypt] maximum keyfile size

.. ink .. mhogomchungu at gmail.com
Thu Jun 28 13:22:29 CEST 2012


Resending the email with the below content to the list; I didn't check where I
sent the email and I ended up sending it not to the list.

On Thu, Jun 28, 2012 at 7:17 AM, .. ink .. <mhogomchungu at gmail.com> wrote:
>> Passphrase is an interactively entered string
>> (from real terminal, not stdin), keyfile is everything else.
>>
>
> I know ssh prevents reading the passphrase from stdin and demands a "real terminal".
>
> I have just spent hours googling, looking for any security problems
> that arise from not caring if the passphrase came from a tty, file or
> pipe, and haven't found anything. Does any person know of a link I can read up
> to get more info?
>
> I tried with version 1.5.0 rc1 and 1.3.1 to see how cryptsetup behaves
> when it asks for a key interactively while started in the background, and
> this is what I saw. There seems to be a buffer overflow somewhere.
>
> [root at mtz sbin]# ./cryptsetup luksOpen /dev/sdc1 xxx &
> [3] 29690
> [root at mtz sbin]# Enter passphrase for /dev/sdc1: pp
> Usage:  pp -t type [-a] [-i input] [-o output]
> -t type              Specify the input type (must be one of private-key,
>                     public-key, certificate, certificate-request,
>                     pkcs7, crl or name)
> -a                   Input is in ascii encoded form (RFC1113)
> -i input             Define an input file to use (default is stdin)
> -o output            Define an output file to use (default is stdout)
>
> [3]+  Stopped                 ./cryptsetup luksOpen /dev/sdc1 xxx
> [root at mtz sbin]#
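
The quoted rule (input from a real terminal is a passphrase, anything else is keyfile data), together with the job-control state a program can check before prompting, as an added example that is not part of the original message and is not cryptsetup's own code. The names `input_kind`, `classify_input` and `should_prompt` are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Where a key-reading tool's input comes from (hypothetical names). */
enum input_kind {
    INPUT_NOT_TTY,            /* pipe, file, closed fd: "keyfile" in the quoted rule */
    INPUT_TTY_FOREGROUND,     /* real terminal and we are its foreground job */
    INPUT_TTY_NOT_FOREGROUND  /* terminal, but we are not its foreground job */
};

enum input_kind classify_input(int fd)
{
    if (!isatty(fd))
        return INPUT_NOT_TTY;
    /* tcgetpgrp() returns the terminal's foreground process group and
     * fails with -1 when fd is not this process's controlling terminal. */
    pid_t fg = tcgetpgrp(fd);
    if (fg != (pid_t)-1 && fg == getpgrp())
        return INPUT_TTY_FOREGROUND;
    return INPUT_TTY_NOT_FOREGROUND;
}

/* Prompt only in the foreground: a background read from the controlling
 * terminal raises SIGTTIN, whose default action stops the process. */
int should_prompt(int fd)
{
    return classify_input(fd) == INPUT_TTY_FOREGROUND;
}

const char *input_kind_name(enum input_kind k)
{
    switch (k) {
    case INPUT_NOT_TTY:        return "not a terminal (treat as keyfile data)";
    case INPUT_TTY_FOREGROUND: return "terminal, foreground (prompt for passphrase)";
    default:                   return "terminal, not in foreground (do not prompt)";
    }
}

int main(void)
{
    int p[2]; /* constructed non-terminal input for comparison */
    if (pipe(p) != 0)
        return 1;
    printf("stdin: %s\n", input_kind_name(classify_input(STDIN_FILENO)));
    printf("pipe:  %s\n", input_kind_name(classify_input(p[0])));
    return 0;
}
```

Running the binary once normally and once with a trailing `&` in an interactive shell shows the `stdin` line change between the two terminal cases.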

