On Fri, Feb 15, 2013 at 10:01:05AM +0100, Milan Broz wrote: > On 02/14/2013 06:06 PM, .. ink .. wrote:> > > > I think the GUI widget trimmed so you in fact entered just first 64 > bytes. Check with "display password" option... > And try commandline, at least I get > Error: Password is longer than 64 characters. > > I really do not like encryption systems which quietly trims anything > pretending longer password is correct. This is recipe for disaster. I agree. Never, ever, ever quietly degrade a password. Or other input data for that matter. Any GUI doing things like this can only be regarded as fundamentally broken. Silent errors are unacceptable, except in the one case where verbose errors help an attacker. That is not the case here. Arno > I changed return code for TCRYPT oversized passphrase to -EPERM > (So it is handled like "bad passphrase", just early, this is way > I prefer.) > > Thanks, > Milan > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
