On 02/14/2013 05:39 PM, .. ink .. wrote: > > wouldnt it be better to just cut off the key at the 65th character > instead of failing out? > I did a test here.and I created a truecrypt volume with a key of 70 > characters and truecrypt created the volume and could open it but > cryptsetup failed to open the volume. which version? I tried it on some latest GUI and it did not allow me to enter more than 64 chars. But yes, trim passphrase and add warning message in verbose mode is perhaps better. I do not like it but if it is how it is handled there... > truecrypt seem to handle a key with longer length and use only the > length it needs and i think cryptsetup should do the same.It will be > odd to users of cryptsetup when their passphrase works with truecrypt > but fail with cryptsetup Btw if anyone interested why there is 64 char limit - from Truecrypt 1.0 changelog: "* The maximum volume password length has been decreased from 100 to 64 characters. This was necessary to avoid the following: When a password longer than 64 characters was passed to HMAC-SHA-1, the whole password was first hashed using SHA-1 and the resultant 160-bit value was then used instead of the original password (which complies with HMAC-SHA-1 specification), thus the password length was in fact reduced." Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
