On 11/23/2014 01:44 PM, Quentin Lefebvre wrote: >> I experienced some troubles recently with Debian's cryptsetup package >> (testing version), which version is 1.6.6. >> I found out that empty key files get refused by cryptsetup, for example: >> cat empty_file | cryptsetup --debug --key-file=- open --type plain >> /test1.loop test1 >> gets rejected. >> The debug output directly leads to a test in utils_crypt.c that, I >> think, should be removed. >> >> Indeed, empty passwords are accepted, so it make sense to accept also >> empty inputs. >> Especially in Debian, where cryptdisks_start script calls: >> /lib/cryptsetup/askpass | cryptsetup --key-file=- open --type [type] >> [src] [dst] >> >> What do you think about this issue? >> Shall I send a patch for that? Well, logically it should be the same. But reading empty keyfile never worked AFAIK and IMHO the case that you encrypt device by empty keyfile by mistake is more common... I am tempting to say it is a safety feature than bug :-) Anyway, please create issue on project page, https://code.google.com/p/cryptsetup/issues/list If you have a patch, attach it there as well. I will get to it but this is not really urgent issue to solve. BTW I would better suggest that Debian uses pwquality library with some sane defaults and will not allow users to enter so weak passwords in the first place... (There is always --force-password switch so your issue is still kind of problem for testing though.) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
