On Tue, Nov 7, 2017 at 7:45 PM, Milan Broz <gmazyland@xxxxxxxxx> wrote: > On 11/07/2017 05:51 PM, Jan Tulak wrote: >> Is it possible to test whether a passphrase is strong enough (and >> luksFormat will accept it), without the need to really create a device >> with this passphrase? I ask because I want to test the password before >> I run a sequence of commands and I don't want them to fail in the >> middle just because of a weak passphrase. > > Cryptsetup/LUKS does not itself enforce any passphrase quality, it is libpwquality > that libcryptsetup can be linked to (optionally, we use it in all Red Hat distros). > > See man for pwquality library (the idea is to enforce password policy for the whole > distro, so it uses configuration pwquality file). > >> I checked for the --test-passphrase, but that verifies if the >> passphrase would decrypt an existing device, which is not what I want. > > This tests only LUKS, pwquality is called only in Format. > > m. Ah, thanks for directing me the right way. :-) Cheers, Jan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
