[Pkg-cryptsetup-devel] Bug#471729: cryptsetup: option to have keyscript fallback on passphrase input

[Christian Pernegger]

Package: cryptsetup
Version: 2:1.0.6~pre1+svn45-1
Severity: wishlist


Currently the cryptroot script seems to support EITHER a keyscript OR
passphrase input via console, but not both. I think when using a
keyscript it should fallback to passphrase input if that fails a few
times.

It is probably possible to do this fallback in the keyscript but that
seems like a hack to me. Furthermore I'm not sure if the password
processing makes a difference. Regular passphrase input is hashed,
while the manpage implies that keys read via '--keyfile=-' (which is
what the keyscript option does) is not.

Regards,

Chris


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cryptsetup depends on:
ii  dmsetup                      2:1.02.24-3 The Linux Kernel Device Mapper use
ii  libc6                        2.7-6       GNU C Library: Shared libraries
ii  libdevmapper1.02.1           2:1.02.24-3 The Linux Kernel Device Mapper use
ii  libpopt0                     1.10-3      lib for parsing cmdline parameters
ii  libuuid1                     1.40.6-1    universally unique id library

cryptsetup recommends no packages.

-- no debconf information