[dm-crypt] Secret data from stdin

Arno Wagner arno at wagner.name
Thu Aug 16 00:38:10 CEST 2012

On Wed, Aug 15, 2012 at 10:12:27AM -0500, Kent Yoder wrote:
> Hi Arno,
> >>
> >> This appears to work (no message printed, exit status 0).
> >>
> >> What might not be obvious is that if binary_secret contains a '\n'
> >> character, input gets truncated at this point.
> >
> > This is documented in the man-page of the current release under
>   You were right - I was looking at an old git version. The new
> version is clearer IMO.

> >> This should probably be clearer in the man page at a
> >> minimum (see patch), but I think a warning is appropriate too.
> >> Secret processing that stops at \n isn't appropriate for binary
> >> data.
> >
> > And that is the thing here. A passphrase is _not_ binary data!
> > Doing
> >
> >    "cat binary_secret | cryptsetup luksFormat /dev/loop0"
> >
> > is inherently wrong. What you need to do is
> >
> >   "cat file_with_passphrase_that_could_also_be_entered_interactively
> >   | cryptsetup luksFormat /dev/loop0"
>   I agree - just seeing a script that did the first one made me wonder
> if it even worked.

Well, people have to read the documentation if they want it
to work right. It is really not that much for cryptsetup,
just the man-page plus the FAQ. It is not like it has a 500 page
documentation. If people ignore the documentation, they basically
get what they deserve. This problem is worse with crypto, as
lots of problems are non-visible (it works but is insecure), 
but anybody working with crypto needs to understand that.
Those that do not _will_ make fatal mistakes, no matter
how much warning is given. Crypto is not a beginner's game.

> > As to your patch, I am unable to match your patch to the
> > current version of the man-page. Did you do a "git pull"
> > before? May also be a problem on my side, please verify:
> >
> >> md5sum cryptsetup.8
> > 4fd70bbd1018f95818902144499c2234  cryptsetup.8
>   Yep, I am out of date here.  What do you think about a code change
> that would print a big fat warning if non-ascii bytes are detected on
> stdin?  Not changing the behavior (we don't want to break people who
> might be already doing this), but just a warning.

See my reply to Milan.

Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 
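
The truncation discussed in this thread (stdin input ending at the first '\n') and the proposed warning about non-ASCII bytes can both be checked before a secret is piped anywhere. The script below is an added example, not part of the original mail and not cryptsetup code; the function names and the two sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; check_secret and its helpers are hypothetical names.

# Bytes before the first newline: what a reader that stops at '\n' would use.
effective_len() { head -n 1 "$1" | tr -d '\n' | wc -c | tr -d ' '; }

# Total size of the file in bytes.
total_len() { wc -c < "$1" | tr -d ' '; }

# Count of bytes that are neither printable ASCII (0x20-0x7e) nor newline.
nonprintable_count() { LC_ALL=C tr -d '\040-\176\n' < "$1" | wc -c | tr -d ' '; }

# Returns 0 if the file looks like a passphrase that could also be typed
# interactively (one line, printable ASCII), 1 otherwise.
check_secret() {
    eff=$(effective_len "$1"); total=$(total_len "$1"); bad=$(nonprintable_count "$1")
    rc=0
    # More than one byte beyond the first line means data follows the newline.
    if [ "$total" -gt $((eff + 1)) ]; then
        echo "WARNING: $1: only $eff of $total bytes precede the first newline"
        rc=1
    fi
    if [ "$bad" -gt 0 ]; then
        echo "WARNING: $1: $bad byte(s) outside printable ASCII"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1: $eff-byte single-line passphrase"
    return "$rc"
}

# Constructed sample inputs: a "binary" secret with an embedded newline,
# and an ordinary one-line passphrase file.
demo_dir=$(mktemp -d)
printf 'abcde\nsecret-rest\001\377' > "$demo_dir/binary_secret"
printf 'correct horse battery\n' > "$demo_dir/passphrase"
check_secret "$demo_dir/binary_secret" || true
check_secret "$demo_dir/passphrase" || true
```

For the constructed binary file, only 5 of its 19 bytes come before the first newline, which is the "works but is insecure" case described above.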
