On 03/15/2011 01:09 PM, Arno Wagner wrote: >> I will also limit LUKS keyfile in next version, mistake will cause problems >> (reading the whole device in locked memory -> OOPS or something like that). > > Indeed. What you could do is have it default to error instead of > to cut-down and proceed. That would make more sense, since > cutting it is almost always not going to work. yup. This is common problem for all supported types, so I will probably remove per-type limits, and add one maximal keyfile limit configurable during compile time. Exceeding this limit will cause fail. Limiting keyfile read (if needed - like /dev/urandom or when stored in the beginning of device) should be always possible using --keyfile-size parameter (or --new-keyfile-size for new keyfile option). (This commadline limit option should possibly override maximal compiled-in limit if specified number is larger.) Is it better approach? Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
