[dm-crypt] 1.6.2 - waiting for zero, luksFormat hung

Milan Broz gmazyland at gmail.com
Fri Nov 22 14:11:08 CET 2013


On 11/22/2013 12:56 PM, shmick at riseup.net wrote:
> 
> 
> Milan Broz:
>> On 11/22/2013 09:38 AM, shmick at riseup.net wrote:
>>
>>>
>>> why does luksFormat succeed using a simple short password and fail with
>>> a more complex, longer one ?
>>>
>>> this occurs in parted magic boot cd from 28-02-2013
>>
>> It seems that there is no free download. Sorry, cannot even try it. Ask them.
> 
> yes i believe the author of that went through some troubles a while back
> - i was not aware you could not download any version anymore
> 
>>
>> It works with upstream build, in fact, maximal interactive password length
>> can be seen in cryptsetup --help:
> 
> mind if i ask which distro you were able to successfully luksFormat to
> in cryptsetup 1.6.2 issuing:

Fedora, RHEL, CentOS, Debian, Gentoo, ...

If you run just configure without switches, you should get working output.
(Obviously you need all library dependences configured.)

Maybe you can try to compile it with --disable-udev but this can add way
of more problems than you already have.

But as I said, you do not need to compile it yourself, use distro version.

Sorry, this is not upstream issue, maybe someone on list using the same distro
can help better.

> cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64
> --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0

FYI this is how it should work (password is >100 chars),
this is on Fedora 19 with system installed cryptsetup (1.6.2) for example.

[root at localhost ~]# cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64 --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0
# cryptsetup 1.6.2 processing "cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64 --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.

WARNING!
========
This will overwrite data on /dev/md0 irrevocably.

Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/md0 context.
# Trying to open and read device /dev/md0.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Iteration time set to 2000 miliseconds.
# RNG set to 1 (random).
# Interactive passphrase entry requested.
Enter passphrase: 
Verify passphrase: 
# Checking new password using default pwquality settings.
# New password libpwquality score is 100.
# Formatting device /dev/md0 as type LUKS1.
# Crypto backend (gcrypt 1.5.3) initialized.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Generating LUKS header version 1 using hash sha512, twofish, xts-plain64, MK 32 bytes
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 137248 iterations per second.
# Data offset 4096, UUID 412085a1-3abe-4f36-8826-7711c8ce6c28, digest iterations 33500
# Updating LUKS header of size 1024 on device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Adding new keyslot -1 using volume key.
# Calculating data for key slot 0
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 131863 iterations per second.
# Key slot 0 use 128771 password iterations.
# Using hash sha512 for AF in key slot 0, 4000 stripes
# Updating key slot 0 [0x1000] area.
# Calculated device size is 250 sectors (RW), offset 8.
# Detected kernel Linux 3.11.8-200.fc19.x86_64 x86_64.
# dm version   OF   [16384] (*1)
# dm versions   OF   [16384] (*1)
# Detected dm-crypt version 1.12.1, dm-ioctl version 4.25.0.
# Device-mapper backend running with UDEV support enabled.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-1216
# Udev cookie 0xd4d78b0 (semid 229376) created
# Udev cookie 0xd4d78b0 (semid 229376) incremented to 1
# Udev cookie 0xd4d78b0 (semid 229376) incremented to 2
# Udev cookie 0xd4d78b0 (semid 229376) assigned to CREATE task(0) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES (0xe)
# dm create temporary-cryptsetup-1216 CRYPT-TEMP-temporary-cryptsetup-1216 OF   [16384] (*1)
# dm reload temporary-cryptsetup-1216  OFW    [16384] (*1)
# dm resume temporary-cryptsetup-1216  OFW    [16384] (*1)
# temporary-cryptsetup-1216: Stacking NODE_ADD (253,2) 0:6 0660 [verify_udev]
# temporary-cryptsetup-1216: Stacking NODE_READ_AHEAD 256 (flags=1)
# Udev cookie 0xd4d78b0 (semid 229376) decremented to 1
# Udev cookie 0xd4d78b0 (semid 229376) waiting for zero
# Udev cookie 0xd4d78b0 (semid 229376) destroyed
# temporary-cryptsetup-1216: Processing NODE_ADD (253,2) 0:6 0660 [verify_udev]
# temporary-cryptsetup-1216: Processing NODE_READ_AHEAD 256 (flags=1)
# temporary-cryptsetup-1216 (253:2): read ahead is 256
# temporary-cryptsetup-1216 (253:2): Setting read ahead to 256
# Udev cookie 0xd4de367 (semid 262144) created
# Udev cookie 0xd4de367 (semid 262144) incremented to 1
# Udev cookie 0xd4de367 (semid 262144) incremented to 2
# Udev cookie 0xd4de367 (semid 262144) assigned to REMOVE task(2) with flags (0x0)
# dm remove temporary-cryptsetup-1216  OFT    [16384] (*1)
# temporary-cryptsetup-1216: Stacking NODE_DEL [verify_udev]
# Udev cookie 0xd4de367 (semid 262144) decremented to 1
# Udev cookie 0xd4de367 (semid 262144) waiting for zero
# Udev cookie 0xd4de367 (semid 262144) destroyed
# temporary-cryptsetup-1216: Processing NODE_DEL [verify_udev]
# Key slot 0 was enabled in LUKS header.
# Updating LUKS header of size 1024 on device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/md0
# Key length 32, device size 40832 sectors, header size 2050 sectors.
# Releasing crypt device /dev/md0 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.

[root at localhost ~]# cryptsetup  luksOpen /dev/md0 test
Enter passphrase for /dev/md0: 

[root at localhost ~]# cryptsetup status test
/dev/mapper/test is active.
  type:    LUKS1
  cipher:  twofish-xts-plain64
  keysize: 256 bits
  device:  /dev/md0
  offset:  4096 sectors
  size:    36736 sectors
  mode:    read/write

Milan


More information about the dm-crypt mailing list