[pkg-cryptsetup-devel] Bug#758788: Bug#758788: cryptsetup: Passphrase caching broken in decrypt_keyctl
Jonas Meurer
jonas at freesources.org
Thu Aug 21 14:22:21 UTC 2014
Hello Marek,
thanks for your bugreport.
Am 21.08.2014 um 13:22 schrieb Marek Królikowski:
> Dear Maintainer,
> after upgrade to 2:1.6.6-1 I have to enter passphrase for each of crypttab entries.
> Desired behavior is for cryptsetup to try cached passphrase for crypptab entries with
> the same identifier (pw1 in this case).
>
> Working configurations:
> - cryptsetup 2:1.6.4-4
> - cryptsetup 2:1.6.6-1 with decrypt_keyctl copied from 2:1.6.4-4
The decrypt_keyctl keyscript was changed with the last upload of
cryptsetup in order to fix a bug when a wrong passphrase was entered.
See the bugreport for more details:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748368
Do you unlock your devices in initramfs or with the initscript?
I guess that something is wrong with the environment variable
CRYPTTAB_TRIED. This variable should contain the count of tries to
unlock one particular dm-crypt device.
Can you add some debugging code to your script in order to print the
value of CRYPTTAB_TRIED?
A simple 'echo "CRYPTTAB_TRIED: $CRYPTTAB_TRIED"' at line 36 of the
script should already do the job. Please report back your observations.
Also, can you please report back what happens if you enter a wrong
password (both with the new version of decrypt_keyctl and with the old one).
Kind regards,
jonas
More information about the pkg-cryptsetup-devel
mailing list