[dm-crypt] Empty key files vs empty passwords in plain mode

Quentin Lefebvre qlefebvre_pro at yahoo.com
Wed Nov 19 22:24:45 CET 2014


I experienced some troubles recently with Debian's cryptsetup package 
(testing version), which version is 1.6.6.
I found out that empty key files get refused by cryptsetup, for example:
cat empty_file | cryptsetup --debug --key-file=- open --type plain 
/test1.loop test1
gets rejected.
The debug output directly leads to a test in utils_crypt.c that, I 
think, should be removed.

Indeed, empty passwords are accepted, so it make sense to accept also 
empty inputs.
Especially in Debian, where cryptdisks_start script calls:
/lib/cryptsetup/askpass | cryptsetup --key-file=- open --type [type] 
[src] [dst]

What do you think about this issue?
Shall I send a patch for that?

Best regards,

PS: I checked against the git version, the problem is not solved and 
actually exactly the same.

More information about the dm-crypt mailing list