[dm-crypt] [ANNOUNCE] cryptsetup 1.6.6

Arno Wagner arno at wagner.name
Sat Aug 16 13:25:04 CEST 2014


On Sat, Aug 16, 2014 at 12:49:30 CEST, Milan Broz wrote:
> The stable cryptsetup 1.6.6 release is available at
[...]
> Cryptsetup API NOTE:
> The direct terminal handling for passphrase entry will be removed from
> libcryptsetup in next major version (application should handle it itself).
> 
> It means that you have to always either provide password in buffer or set
> your own password callback function through crypt_set_password_callback().
> See API documentation (or libcryptsetup.h) for more info.

I think this is an excellent idea. Direct terminal handling is
not the job of a disk-encryption library. The way it is done 
may also have quite a few details that are not readily obvious,
but can have security implications.

It may be a good idea to put the old way into the documentation
though and have some source-code fragment for it. If not too 
long, I could use that as the start of a libcryptsetup section 
in the FAQ or as the start of a libcryptsetup-specific FAQ.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato


More information about the dm-crypt mailing list