[dm-crypt] cryptsetup 1.6.0 crash when attempting to open truecrypt volume if the key is large enough

Arno Wagner arno at wagner.name
Fri Feb 15 12:51:38 CET 2013


On Fri, Feb 15, 2013 at 10:01:05AM +0100, Milan Broz wrote:
> On 02/14/2013 06:06 PM, .. ink .. wrote:> > 
> 
> I think the GUI widget trimmed so you in fact entered just first 64
> bytes. Check with "display password" option...
> And try commandline, at least I get
> Error: Password is longer than 64 characters.
> 
> I really do not like encryption systems which quietly trims anything
> pretending longer password is correct. This is recipe for disaster.

I agree. Never, ever, ever quietly degrade a password. Or other 
input data for that matter. Any GUI doing things like this can 
only be regarded as fundamentally broken. Silent errors are
unacceptable, except in the one case where verbose errors help
an attacker. That is not the case here.

Arno 

 
> I changed return code for TCRYPT oversized passphrase to -EPERM
> (So it is handled like "bad passphrase", just early, this is way
> I prefer.)
> 
> Thanks,
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell


More information about the dm-crypt mailing list