[dm-crypt] cryptsetup --veracrypt opens legacy TrueCrypt volumes

segfault segfault at riseup.net
Tue Oct 10 23:36:10 CEST 2017


Milan Broz:
> On 10/10/2017 10:42 PM, segfault wrote:
>> I'm currently working on integrating support for unlocking VeraCrypt and
>> TrueCrypt via udisks and GNOME Disks. I just noticed that if the
>> cryptsetup unlock function is called with the VeraCrypt option, it also
>> tries the legacy TrueCrypt modes in addition to the VeraCrypt modes. As
>> a result, it is possible to unlock legacy TrueCrypt volumes even if the
>> VeraCrypt option is used. This makes things easier for me, because I
>> don't have to ask the user to tell me if the volume is VeraCrypt or
>> TrueCrypt. I just want to make sure: Is this expected behavior and can I
>> rely on this staying this way?
> 
> Yes, it is intentional.
> 
> The Veracrypt switch just adds new modes to check (and new signature)
> but all Truecrypt modes are checked as well.

Great!

> The reason it is separated is that opening Veracypt volumes can take very long time
> (because of increased number of iterations). Try to open some volume with
> wrong password (and add --debug to see how it iterates through all possible algorithms).

Right. So we could still ask the user, in order to allow faster
unlocking of TrueCrypt volumes. I expect that UX-wise fewer options will
be better than a few seconds less waiting for unlocking, but this we
will discuss on other channels.

Thanks for the quick answer!


More information about the dm-crypt mailing list