[pkg-cryptsetup-devel] Bug#923513: cryptsetup-bin: Can no longer luksFormat as non-root: "Not compatible PBKDF options."
Christoph Biedl
debian.axhn at manchmal.in-ulm.de
Fri Mar 1 10:09:53 GMT 2019
Package: cryptsetup-bin
Version: 2:2.1.0-2
Severity: normal
Dear Maintainer,
it's no longer possible to create a container using cryptsetup
luksFormat as non-root.
Step to reproduce:
$ dd if=/dev/zero bs=16M count=1 of=/tmp/blob
$ /sbin/cryptsetup luksFormat /tmp/blob
... and an arbitrary passphrase, or shorter:
$ echo foo | /sbin/cryptsetup luksFormat /tmp/blob -
Error message:
Not compatible PBKDF options.
Running as root still succeeds - and I haven't compared the strace
output yet for time constraints, sorry.
Workaround:
Declare usage of format 1 like in
$ echo -n foo | cryptsetup luksFormat --type luks1 /tmp/blob -
and possibly some other ways.
This broke the luksmeta test suite, I've fixed that locally for the time
being but this might affect other people. I don't know whether
there's another situation where you would luksFormat as non-root (some
containerization perhaps?), so this might be release notice material as
well.
Kind regards,
Christoph
-- Package-specific info:
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.21 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages cryptsetup-bin depends on:
ii libblkid1 2.33.1-0.1
ii libc6 2.28-8
ii libcryptsetup12 2:2.1.0-2
ii libpopt0 1.16-12
ii libuuid1 2.33.1-0.1
cryptsetup-bin recommends no packages.
cryptsetup-bin suggests no packages.
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20190301/f0be328b/attachment.sig>
More information about the pkg-cryptsetup-devel
mailing list