[pkg-cryptsetup-devel] Bug#1000634: cryptsetup-bin: accepts interactive passwords >= maximum allowed characters and gives no warning or error
Sebastian
s.schauenburg at gmail.com
Fri Nov 26 09:12:43 GMT 2021
Package: cryptsetup-bin
Version: 2:2.3.5-1
Severity: normal
X-Debbugs-Cc: s.schauenburg at gmail.com
Dear Maintainer,
I've been using cryptsetup with LUKS for a while and recently upgraded
to Debian 11 (bullseye). At that point I was suddenly unable to access the
encrypted image volumes with my password. I used an extremely long
interactive password (1024 characters). Accessing the encrypted volumes
was possible using Debian 10, but not Debian 11. After some debugging, I
found out that:
- creating an encrypted volume with a password > 512 characters is
  possible (both in bullseye and buster)
- apparently buster and bullseye handle passwords which are too long
  differently
- it is possible to access the encrypted volume with that large
  password, but only if you use the same Debian version.
    - images created on buster can be opened on buster
    - images created on bullseye can be opened on bullseye
    - images created on buster could _not_ be opened on bullseye
- the only way to check the maximum password length is by running
  cryptsetup --help (it is not referenced in the man page, only for key
  sizes)
- there is no feedback when using a password that is too long:

    cryptsetup luksAddKey --key-slot 5 file.img
    Enter any existing passphrase:
    Enter new passphrase for key slot:
    Verify passphrase:

-- System Information:
Debian Release: 11.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-9-amd64 (SMP w/1 CPU thread)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=locale: Cannot set LC_ALL to default locale: No such file or directory
UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cryptsetup-bin depends on:
ii libblkid1 2.36.1-8
ii libc6 2.31-13+deb11u2
ii libcryptsetup12 2:2.3.5-1
ii libpopt0 1.18-2
ii libuuid1 2.36.1-8
cryptsetup-bin recommends no packages.
cryptsetup-bin suggests no packages.
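
A pre-flight check for the situation reported above, added here as an example (it is not part of the original report and not cryptsetup code): it reads the compiled-in limit from the `cryptsetup --help` text and refuses a passphrase at or above it, since the report title says ">= maximum". The function names, the exact wording of the help line and the sample text are assumptions.

```shell
#!/bin/sh
# Added example: length check for an interactive LUKS passphrase before it is
# handed to cryptsetup, which per the report gives no warning itself.
# Assumption: `cryptsetup --help` contains a line of the form
#   "Maximum interactive passphrase length 512 (characters)".

# Constructed sample of that help line, used when cryptsetup is unavailable.
SAMPLE_HELP='	Maximum keyfile size: 8192kB, Maximum interactive passphrase length 512 (characters)'

# max_passphrase_len HELP_TEXT
# Prints the limit found in HELP_TEXT; returns non-zero if none is found.
max_passphrase_len() {
    printf '%s\n' "$1" |
        sed -n 's/.*Maximum interactive passphrase length \([0-9][0-9]*\).*/\1/p' |
        head -n 1 | grep .
}

# check_passphrase_len PASSPHRASE HELP_TEXT
# Returns 0 if the passphrase is below the limit, 1 if it is at or above the
# limit (the report title says ">= maximum"), 2 if no limit could be parsed.
# Length is what the shell reports for ${#1}.
check_passphrase_len() {
    limit=$(max_passphrase_len "$2") || return 2
    [ "${#1}" -lt "$limit" ] || return 1
    return 0
}

# Stand-alone run: show the limit of the installed cryptsetup, falling back
# to the constructed sample when the binary is missing.
help_text=$(cryptsetup --help 2>/dev/null) || help_text=$SAMPLE_HELP
limit=$(max_passphrase_len "$help_text") || limit=unknown
echo "interactive passphrase limit: $limit"
```

Running the same check on every release that has to open the volume shows whether their compiled-in limits agree.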