[dm-crypt] luksAddKey hangs for ~85 minutes and then fails

Joe Hillenbrand joehillen at gmail.com
Tue Jun 21 17:51:07 CEST 2016


I gathered the requested output. Unfortunately, it doesn't look very
helpful. Each command took about +95 minutes.

On Mon, Jun 20, 2016 at 8:24 PM, Milan Broz <gmazyland at gmail.com> wrote:
>
> Does it work if you just open the device? For example try
>
> cryptsetup luksOpen /dev/md1 --test-passphrase

Yes, I can open and mount it fine.

>
>> and then fails with the "Not compatible PBKDF2 options" message and exit code 1.
>>
>>     $ sudo cryptsetup luksAddKey /dev/md1 /etc/.md1.key
>>     Enter any existing passphrase:
>>     Not compatible PBKDF2 options (using hash algorithm sha256).
>
> Could you please send output with added --debug switch?

# cryptsetup 1.7.1 processing "cryptsetup luksAddKey --debug /dev/md1
/etc/.md1.key"
# Running command luksAddKey.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/md1 context.
# Trying to open and read device /dev/md1 with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/md1.
# Crypto backend (gcrypt 1.7.1) initialized in cryptsetup library version 1.7.1.
# Detected kernel Linux 4.6.2-1-ARCH x86_64.
# Reading LUKS header of size 1024 from device /dev/md1
# Key length 32, device size 11720126464 sectors, header size 2050 sectors.
# Password verification disabled.
# Timeout set to 0 miliseconds.
# Iteration time set to 2000 miliseconds.
# Interactive passphrase entry requested.
Enter any existing passphrase:
# Checking volume  [keyslot -1] using passphrase.
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
Key slot 0 unlocked.
# File descriptor passphrase entry requested.
# Adding new keyslot, existing passphrase provided,new passphrase provided.
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
Key slot 0 unlocked.
# Calculating data for key slot 1
Not compatible PBKDF2 options (using hash algorithm sha256).
# Releasing crypt device /dev/md1 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 22: Invalid argument


> It is failing PBKDF2 benchmark here so please try and send output
> of these commands as well:
>
> cryptsetup benchmark -h sha256 --debug

# cryptsetup 1.7.1 processing "cryptsetup benchmark -h sha256 --debug"
# Running command benchmark.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Tests are approximate using memory only (no storage IO).
# Crypto backend (gcrypt 1.7.1) initialized in cryptsetup library version 1.7.1.
# Detected kernel Linux 4.6.2-1-ARCH x86_64.
PBKDF2-sha256        N/A
Command failed with code 22.

> cryptsetup benchmark -h sha1 --debug

# cryptsetup 1.7.1 processing "cryptsetup benchmark -h sha1 --debug"
# Running command benchmark.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Tests are approximate using memory only (no storage IO).
]# Crypto backend (gcrypt 1.7.1) initialized in cryptsetup library
version 1.7.1.
# Detected kernel Linux 4.6.2-1-ARCH x86_64.
PBKDF2-sha1          N/A
Command failed with code 22.

> What distro and version it is?

Arch

> Do you compile anything (kernel, cryptsetup, library...) yourself?

No. It's all stock.


More information about the dm-crypt mailing list