Re: Key derivation and passprhase wrapping

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


----- Original Message -----
> From: "Wiebe Cazemier" <wiebe@xxxxxxxxxxxx>
> To: "Tyler Hicks" <tyhicks@xxxxxxxxxxxxx>
> Cc: ecryptfs@xxxxxxxxxxxxxxx
> Sent: Wednesday, 20 January, 2016 8:51:43 PM
> Subject: Re: Key derivation and passprhase wrapping
> I think I missed an important bit. I was looking at ecryptfs-wrap-passphrase,
> which makes you supply the FEK and FEKEK, but ecryptfs-setup-private
> actually already uses a random passphrase:
> -m, --mountpass MOUNTPASS
>     Passphrase for mounting the ecryptfs directory, default is 16 bytes from
>     /dev/urandom if omitted

I do see an issue though. The bash script says:

  random_data=`head -c 16000 /dev/urandom | od -x` || error_testing "$temp" "$(gettext 'Could not generate random data')"

But when urandom can't be read (doesn't exist, no file handles, whatever):

  random_data=`head -c 16000 /dev/urando | od -x` || echo "fail"
  head: cannot open ‘/dev/urando’ for reading: No such file or directory

Note, no 'fail' and $? == 0. And:

  echo $random_data


To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at

[Index of Archives]     [Linux Crypto]     [Device Mapper Crypto]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux