[dm-crypt] Empty key files vs empty passwords in plain mode

Quentin Lefebvre qlefebvre_pro at yahoo.com
Sun Nov 23 16:29:28 CET 2014


Le 23/11/2014 15:57, Milan Broz a écrit :
> On 11/23/2014 03:01 PM, Quentin Lefebvre wrote:
> ...
>>> Well, logically it should be the same. But reading empty keyfile never worked AFAIK
>>
>> Right, and this is just because of a test that returns an error code in
>> case the key file is empty.
>>
>>> and IMHO the case that you encrypt device by empty keyfile by mistake
>>> is more common...
>>
>> I agree and I think there should be at least a warning.
>
> Maybe for luksFormat but not for plain case. Otherwise everyone with access
> to logs or screen scroll up will see that password is empty.
>
> I have a generic rule that cryptsetup output (even debug log) must not
> contain usable information about your password or key.

OK, this makes sense.

>>> I am tempting to say it is a safety feature than bug :-)
>>>
>>> Anyway, please create issue on project page, https://code.google.com/p/cryptsetup/issues/list
>>> If you have a patch, attach it there as well.
>>
>> Sure, I'll do that. But which tool is preferred to write a patch for
>> cryptsetup?
>
> Whatever is applicable. The best is created with "git format-patch" way
> so I can simply apply it to git if it is correct.
>
> There is also repository mirror on github so pull request there will work as well.
> (I will just not use github directly because it is not primary repo.)

Thanks for the advice.

At this point, I think I'll try to write a patch that accepts an empty 
key file, except in the case where --force-password is set (actually I 
didn't know this parameter).

Best,
Quentin



More information about the dm-crypt mailing list