On 11/22/2013 12:56 PM, shmick@xxxxxxxxxx wrote: > > > Milan Broz: >> On 11/22/2013 09:38 AM, shmick@xxxxxxxxxx wrote: >> >>> >>> why does luksFormat succeed using a simple short password and fail with >>> a more complex, longer one ? >>> >>> this occurs in parted magic boot cd from 28-02-2013 >> >> It seems that there is no free download. Sorry, cannot even try it. Ask them. > > yes i believe the author of that went through some troubles a while back > - i was not aware you could not download any version anymore > >> >> It works with upstream build, in fact, maximal interactive password length >> can be seen in cryptsetup --help: > > mind if i ask which distro you were able to successfully luksFormat to > in cryptsetup 1.6.2 issuing: Fedora, RHEL, CentOS, Debian, Gentoo, ... If you run just configure without switches, you should get working output. (Obviously you need all library dependences configured.) Maybe you can try to compile it with --disable-udev but this can add way of more problems than you already have. But as I said, you do not need to compile it yourself, use distro version. Sorry, this is not upstream issue, maybe someone on list using the same distro can help better. > cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64 > --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0 FYI this is how it should work (password is >100 chars), this is on Fedora 19 with system installed cryptsetup (1.6.2) for example. [root@localhost ~]# cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64 --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0 # cryptsetup 1.6.2 processing "cryptsetup --debug --hash sha512 --cipher twofish-xts-plain64 --use-random --key-size 256 --iter-time 2000 luksFormat /dev/md0" # Running command luksFormat. # Locking memory. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. WARNING! ======== This will overwrite data on /dev/md0 irrevocably. Are you sure? (Type uppercase yes): YES # Allocating crypt device /dev/md0 context. # Trying to open and read device /dev/md0. # Initialising device-mapper backend library. # Timeout set to 0 miliseconds. # Iteration time set to 2000 miliseconds. # RNG set to 1 (random). # Interactive passphrase entry requested. Enter passphrase: Verify passphrase: # Checking new password using default pwquality settings. # New password libpwquality score is 100. # Formatting device /dev/md0 as type LUKS1. # Crypto backend (gcrypt 1.5.3) initialized. # Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes. # Generating LUKS header version 1 using hash sha512, twofish, xts-plain64, MK 32 bytes # Crypto backend (gcrypt 1.5.3) initialized. # KDF pbkdf2, hash sha512: 137248 iterations per second. # Data offset 4096, UUID 412085a1-3abe-4f36-8826-7711c8ce6c28, digest iterations 33500 # Updating LUKS header of size 1024 on device /dev/md0 # Key length 32, device size 40832 sectors, header size 2050 sectors. # Reading LUKS header of size 1024 from device /dev/md0 # Key length 32, device size 40832 sectors, header size 2050 sectors. # Adding new keyslot -1 using volume key. # Calculating data for key slot 0 # Crypto backend (gcrypt 1.5.3) initialized. # KDF pbkdf2, hash sha512: 131863 iterations per second. # Key slot 0 use 128771 password iterations. # Using hash sha512 for AF in key slot 0, 4000 stripes # Updating key slot 0 [0x1000] area. # Calculated device size is 250 sectors (RW), offset 8. # Detected kernel Linux 3.11.8-200.fc19.x86_64 x86_64. # dm version OF [16384] (*1) # dm versions OF [16384] (*1) # Detected dm-crypt version 1.12.1, dm-ioctl version 4.25.0. # Device-mapper backend running with UDEV support enabled. # DM-UUID is CRYPT-TEMP-temporary-cryptsetup-1216 # Udev cookie 0xd4d78b0 (semid 229376) created # Udev cookie 0xd4d78b0 (semid 229376) incremented to 1 # Udev cookie 0xd4d78b0 (semid 229376) incremented to 2 # Udev cookie 0xd4d78b0 (semid 229376) assigned to CREATE task(0) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES (0xe) # dm create temporary-cryptsetup-1216 CRYPT-TEMP-temporary-cryptsetup-1216 OF [16384] (*1) # dm reload temporary-cryptsetup-1216 OFW [16384] (*1) # dm resume temporary-cryptsetup-1216 OFW [16384] (*1) # temporary-cryptsetup-1216: Stacking NODE_ADD (253,2) 0:6 0660 [verify_udev] # temporary-cryptsetup-1216: Stacking NODE_READ_AHEAD 256 (flags=1) # Udev cookie 0xd4d78b0 (semid 229376) decremented to 1 # Udev cookie 0xd4d78b0 (semid 229376) waiting for zero # Udev cookie 0xd4d78b0 (semid 229376) destroyed # temporary-cryptsetup-1216: Processing NODE_ADD (253,2) 0:6 0660 [verify_udev] # temporary-cryptsetup-1216: Processing NODE_READ_AHEAD 256 (flags=1) # temporary-cryptsetup-1216 (253:2): read ahead is 256 # temporary-cryptsetup-1216 (253:2): Setting read ahead to 256 # Udev cookie 0xd4de367 (semid 262144) created # Udev cookie 0xd4de367 (semid 262144) incremented to 1 # Udev cookie 0xd4de367 (semid 262144) incremented to 2 # Udev cookie 0xd4de367 (semid 262144) assigned to REMOVE task(2) with flags (0x0) # dm remove temporary-cryptsetup-1216 OFT [16384] (*1) # temporary-cryptsetup-1216: Stacking NODE_DEL [verify_udev] # Udev cookie 0xd4de367 (semid 262144) decremented to 1 # Udev cookie 0xd4de367 (semid 262144) waiting for zero # Udev cookie 0xd4de367 (semid 262144) destroyed # temporary-cryptsetup-1216: Processing NODE_DEL [verify_udev] # Key slot 0 was enabled in LUKS header. # Updating LUKS header of size 1024 on device /dev/md0 # Key length 32, device size 40832 sectors, header size 2050 sectors. # Reading LUKS header of size 1024 from device /dev/md0 # Key length 32, device size 40832 sectors, header size 2050 sectors. # Releasing crypt device /dev/md0 context. # Releasing device-mapper backend. # Unlocking memory. Command successful. [root@localhost ~]# cryptsetup luksOpen /dev/md0 test Enter passphrase for /dev/md0: [root@localhost ~]# cryptsetup status test /dev/mapper/test is active. type: LUKS1 cipher: twofish-xts-plain64 keysize: 256 bits device: /dev/md0 offset: 4096 sectors size: 36736 sectors mode: read/write Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
