On 2016-01-20 21:03:13, Wiebe Cazemier wrote:
> ----- Original Message -----
> > From: "Wiebe Cazemier" <wiebe@xxxxxxxxxxxx>
> > To: "Tyler Hicks" <tyhicks@xxxxxxxxxxxxx>
> > Cc: ecryptfs@xxxxxxxxxxxxxxx
> > Sent: Wednesday, 20 January, 2016 8:51:43 PM
> > Subject: Re: Key derivation and passprhase wrapping
> >
> > I think I missed an important bit. I was looking at ecryptfs-wrap-passphrase,
> > which makes you supply the FEK and FEKEK, but ecryptfs-setup-private
> > actually already uses a random passphrase:
> >
> > -m, --mountpass MOUNTPASS
> > Passphrase for mounting the ecryptfs directory, default is 16 bytes from
> > /dev/urandom if omitted
> >
>
> I do see an issue though. The bash script says:
>
> random_data=`head -c 16000 /dev/urandom | od -x` || error_testing "$temp" "$(gettext 'Could not generate random data')"
>
> But when urandom can't be read (doesn't exist, no file handles, whatever):
>
> random_data=`head -c 16000 /dev/urando | od -x` || echo "fail"
> head: cannot open ‘/dev/urando’ for reading: No such file or directory
>
> Note, no 'fail' and $? == 0. And:
>
> echo $random_data
> 0000000

For completeness, we should mention that this is being tracked in
Launchpad:

https://launchpad.net/bugs/1539553

Tyler
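The masked failure reported above, next to a checked variant, as an added example that is not part of the thread or of the ecryptfs scripts. The function names, the src parameter and the 16-byte length are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; gen_unchecked, gen_checked and "src" are hypothetical names.

# Same shape as the quoted line: the status of a pipeline is the status of
# its last command (od), so a failing head never triggers the || branch.
gen_unchecked() {
    src=$1
    random_data=$(head -c 16 "$src" 2>/dev/null | od -x) || return 1
    printf '%s\n' "$random_data"
}

# Checked variant: do not trust the pipeline status at all. Convert to hex
# and verify that exactly the requested number of bytes came back, which
# also catches short reads, not only a missing device.
gen_checked() {
    src=$1
    want=16
    hex=$(head -c "$want" "$src" 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ "${#hex}" -eq $((want * 2)) ] || return 1
    printf '%s\n' "$hex"
}

# Constructed demonstration: a path that cannot be opened.
gen_unchecked /nonexistent/urandom
echo "unchecked status: $?"
gen_checked /nonexistent/urandom || echo "checked: read failed, refusing to continue"
```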