[pkg-cryptsetup-devel] Bug#728302: cryptsetup: luksChangeKey does NOT ask twice for the new passphrase
Michael Schmitt
tcwardrobe at gmail.com
Wed Oct 30 12:21:16 UTC 2013
Package: cryptsetup
Version: 2:1.6.1-1
Severity: important
Dear Maintainer,
"cryptsetup luksChangeKey /dev/luks_volume" does ask once for the old
passphrase and then only once for the new passphrase, which may lead to
severe dataloss, if the user types the new passphrase wrong. Miss-typed
or keypress was to soft, breadcrumbs under a key, there are several
reasons why mishaps may happen and in its current form this limitation
seriously asks for such issues to arise sooner than later.
Please change the behaviour, so that cryptsetup asks twice for the new
passphrase!
regards
Michael
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (50, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.10-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages cryptsetup depends on:
ii cryptsetup-bin 2:1.6.1-1
ii debconf [debconf-2.0] 1.5.51
ii dmsetup 2:1.02.77-6+b1
ii libc6 2.17-93
ii sysv-rc 2.88dsf-43
Versions of packages cryptsetup recommends:
ii busybox 1:1.20.0-9
ii console-setup 1.102
ii initramfs-tools [linux-initramfs-tool] 0.114
ii kbd 1.15.5-1
Versions of packages cryptsetup suggests:
ii dosfstools 3.0.16-2
ii liblocale-gettext-perl 1.05-7+b2
-- debconf information excluded
More information about the pkg-cryptsetup-devel
mailing list