[Pkg-cryptsetup-devel] Bug#414326: cryptsetup: cryptsetup starting
its disks should have "verify" as default
Jonas Meurer
jonas at freesources.org
Mon Mar 19 14:58:08 CET 2007
merge 414326 412064
thanks
On 18/03/2007 Joerg Jaspert wrote:
> On 10962 March 1977, Jonas Meurer wrote:
> >> The thing is simple - as subject says the option "verify" should be
> >> default for entries in crypttab. One can always type one letter wrong,
> >> and should not be left with a broken system. (Imaging having all of the
> >> system except / on cryptofoo).
>
> > So you suggest to ask for the passphrase twice at normal cryptsetup
> > startup? Do you suggest it for 'cryptsetup create' only, or also for
> > 'cryptsetup luksOpen'?
>
> luksOpen.
> And maybe verify isnt the right option to use, but to fail immediately
> right after one error is plain wrong. Try an older cryptsetup package,
> it asked 3 times if you entered a passphrase wrong.
Ah, then you experience the same bug as described in #412064.
The problem here is, that cryptsetup no longer accepts the --tries
option. I'm working on a fix for that.
> > I also don't understand why you claim this bug being (IYO) release
> > critical.
>
> It does work differently to sarge, in a broken way. You dont even have
> the chance to correct a simple typo.
Sorry, but cryptsetup in sarge didn't even have LUKS support, so retries
in case that a wrong password was supplied were completely impossible.
cryptsetup (20050111-3) in sarge had only support for plain dm-crypt
encryption, were you have no way to check for the correct password
anyway.
> > Your interpretation that it "breaks [...] (the whole system)" is illogical.
> > Typos are user mistakes, I don't see how i may prevent them from a
> > maintainers point of view.
>
> Just ask 3 times. Or more than once.
>
> > In fact you may find thousands of examples where user mistakes end up in
> > the system being unbootable. Are all these release-critical bugs in your
> > eyes?
>
> If they change a perfectly working behaviour from earlier revisions,
> yes.
I doubt that we get a fix for this bug into etch, as cryptsetup has a
udeb.
greetings
jonas
More information about the Pkg-cryptsetup-devel
mailing list