[dm-crypt] maximum keyfile size
.. ink ..
mhogomchungu at gmail.com
Thu Jun 28 13:22:29 CEST 2012
resending the email with below content to list, didnt check were i
sent the email and i ended up sending it not to the list
On Thu, Jun 28, 2012 at 7:17 AM, .. ink .. <mhogomchungu at gmail.com> wrote:
>> Passphrase is interactively entered string
>> (from real terminal, not stdint), keyfile is everything else.
> i know ssh prevents reading passphrase from stdin and demands a "real terminal"
> I have just spent hours googling looking for any security problems
> that arise from not caring if the passphrase came from tty,file or
> pipe and havent found anything.Any person know of a link i can read up
> to get more info?.
> i tried with version 1.5.0 rc1 and 1.3.1 to see how cryptsetup behaves
> when it asks for a key interactively while started on a background and
> this is what i saw. There seem to be a buffer overflow somewhere.
> [root at mtz sbin]# ./cryptsetup luksOpen /dev/sdc1 xxx &
>  29690
> [root at mtz sbin]# Enter passphrase for /dev/sdc1: pp
> Usage: pp -t type [-a] [-i input] [-o output]
> -t type Specify the input type (must be one of private-key,
> public-key, certificate, certificate-request,
> pkcs7, crl or name)
> -a Input is in ascii encoded form (RFC1113)
> -i input Define an input file to use (default is stdin)
> -o output Define an output file to use (default is stdout)
> + Stopped ./cryptsetup luksOpen /dev/sdc1 xxx
> [root at mtz sbin]#
More information about the dm-crypt