[pkg-cryptsetup-devel] Bug#509071: cryptsetup: cleanly define the tries-parameter and who is responsible for it

Christoph Anton Mitterer Christoph.Anton.Mitterer at physik.uni-muenchen.de
Thu Dec 18 01:24:43 UTC 2008


Package: cryptsetup
Version: 2:1.0.6-6
Severity: wishlist

Currently, AFAIK it's not fully decided how tries should be implemented.
This is not a major issue for me, but at least a little blocking in my
ongoing ;) work on a mostly automated decrypt_openpgp script.

I'd suggest the following:
1) tries=n means that the user has n tries to enter the password (not
n retries, which would mean a total of n+1 tries)

2) Implementation of tries is in the responsibility of the keyscripts  
and nothing else.
The reason is: Only the keyscripts know what is necessary to repeat
for a new try.
E.g. my decrypt_openpgp first invokes passdev (if device:path syntax
was used) to get the key from a USB stick, then it uses askpass and
then gpg or gpg2 or anything else (ok, currently only gpg and gpg2
support OpenPGP in Debian AFAIK).
For a retry it's enough to read a new passphrase and invoke gpg, the
passdev stuff doesn't have to be repeated.

3) Provide the keyscripts with an additional parameter, which is the
tries value.
This should give us some backwards compatibility.
And if a script doesn't implement tries itself, it would simply give
just one try.

4) Specify that tries=0 means infinite tries (which might be important
for encrypted root-filesystems).

I think I could help here.

Thanks,
Chris.

-- System Information:
Debian Release: 5.0
   APT prefers unstable
   APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cryptsetup depends on:
ii  dmsetup                      2:1.02.27-4 The Linux Kernel Device Mapper use
ii  libc6                        2.7-16      GNU C Library: Shared libraries
ii  libdevmapper1.02.1           2:1.02.27-4 The Linux Kernel Device Mapper use
ii  libpopt0                     1.14-4      lib for parsing cmdline parameters
ii  libuuid1                     1.41.3-1    universally unique id library

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
ii  dosfstools                    3.0.1-1    utilities for making and checking
ii  initramfs-tools [linux-initra 0.92m      tools for generating an initramfs
ii  udev                          0.125-7    /dev/ and hotplug management daemo

-- no debconf information
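
The semantics proposed in points 1) to 4), sketched as a POSIX sh keyscript skeleton. This is an added example, not part of the original message and not cryptsetup's or decrypt_openpgp's code; the three hook functions, the simulated input list and the default of one try when no parameter is passed are assumptions.

```shell
#!/bin/sh
# Added illustration of the proposed tries semantics; not cryptsetup's or
# decrypt_openpgp's code. The three hooks below are hypothetical stand-ins.

SIM_INPUTS="wrong1 wrong2 secret"   # constructed passphrase entries, one per attempt
FETCH_CALLS=0                        # times the one-time key fetch ran
ATTEMPTS=0                           # passphrase attempts actually made

# One-time step (on the page: passdev reading the key from the USB stick).
fetch_key_once() { FETCH_CALLS=$((FETCH_CALLS + 1)); }

# Per-attempt step (on the page: askpass). Prints the Nth simulated entry and
# fails when input is exhausted, so tries=0 cannot spin forever in this demo.
read_passphrase() {
    n=0
    for p in $SIM_INPUTS; do
        n=$((n + 1))
        [ "$n" -eq "$1" ] && { printf '%s' "$p"; return 0; }
    done
    return 1
}

# Per-attempt step (on the page: gpg or gpg2 decrypting the key).
try_decrypt() { [ "$1" = "secret" ]; }

# run_with_tries TRIES -> 0 unlocked, 1 tries exhausted or no input, 2 bad TRIES
run_with_tries() {
    tries=${1:-1}                    # assumption: missing parameter means one try
    case $tries in *[!0-9]*) echo "invalid tries: $tries" >&2; return 2 ;; esac
    ATTEMPTS=0
    fetch_key_once || return 1       # not repeated on a retry
    # tries=n is n attempts in total, not n retries; tries=0 is unlimited.
    while [ "$tries" -eq 0 ] || [ "$ATTEMPTS" -lt "$tries" ]; do
        ATTEMPTS=$((ATTEMPTS + 1))
        pass=$(read_passphrase "$ATTEMPTS") || return 1
        try_decrypt "$pass" && return 0
        echo "attempt $ATTEMPTS failed" >&2
    done
    return 1
}

# Demo run: three tries allowed, the third constructed entry is correct.
if run_with_tries 3; then echo "unlocked after $ATTEMPTS attempt(s)"; fi
```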

