Message-ID: <4BF108F3.1080304@xunil.at>
Date: Mon, 17 May 2010 11:14:27 +0200
From: "Stefan G. Weichinger"
Organization: oops!
To: Jan Engelhardt
CC: gentoo-user@lists.gentoo.org, Daniel Troeder, walt, Florian Philipp, Jason Dusek, Till Maas, hanno@gentoo.org
Subject: [gentoo-user] Re: Kernel upgrade and now LUKS failure

On 16.05.2010 14:36, Jan Engelhardt wrote:
> [Replying to
> http://thread.gmane.org/gmane.linux.gentoo.user/229533/focus=229542
> ]
>
> In my personal opinion, both the quality of shell commands and key
> generation is suboptimal. What makes it bad is that people follow
> it.
>
> First, it generates a key which does not exploit the entire space.
> People claim it's because they want an ASCII readout, but frankly,
> you get the same with `hexdump -C`.
>
> Second, it's using echo without the -n parameter, thus implicitly
> inserting a newline into the key -- which is the cause for your
> observed mounting problems.
>
> Third, because you are passing the key via stdin into cryptsetup, it
> only uses the first line of whatever you pipe into it; whereas
> pam_mount uses the entire keyfile as it is supposed to be.
>
> (Fourth, the howto suggests ECB, which, well, looks rather weak
> considering the ECB's Tux picture on Wikipedia.)
>
> All of that should be in doc/bugs.txt, and mount.crypt even warns
> about ECB. You really cannot ignore seeing that.
>
> Phew!

Jan, thanks for your suggestions.
I created a new LUKS-volume and tried to avoid all the mentioned
pitfalls (I used "echo -n", avoided stdin etc.), but this didn't help here.

The new volume is not mounted with pam_mount-2.1, but mounted OK with
pam_mount-1.33.

And, btw, as mentioned in the original thread, I use CBC, not ECB ;-)

--

(Your CCing Daniel didn't work maybe, wrong address, I corrected it for
this reply)

--

I CC: hanno@gentoo.org to link to the gentoo bug

http://bugs.gentoo.org/show_bug.cgi?id=318865

Thanks, regards, Stefan
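
The keyfile pitfalls listed in the quoted message (ASCII-only keys, the newline added by echo without -n, and a stdin reader stopping at the first line while pam_mount uses the whole file), as an added example that is not part of the original thread. The function names and the sample keys are constructed for illustration, and the two "readers" are modelled from the message's description, not from cryptsetup or pam_mount code.

```shell
#!/bin/sh
# Added example (not from the thread). Per the quoted message: a stdin reader
# stops at the first newline, a whole-file reader (pam_mount) uses every byte.

# Key bytes a first-line reader would use, as hex.
first_line_hex() {
    head -n 1 "$1" | tr -d '\n' | od -An -v -tx1 | tr -d ' \n'
}

# Key bytes a whole-file reader would use, as hex.
whole_file_hex() {
    od -An -v -tx1 "$1" | tr -d ' \n'
}

# Number of newline bytes anywhere in the keyfile.
newline_count() {
    tr -cd '\n' < "$1" | wc -c | tr -d ' '
}

# Number of bytes that are neither printable ASCII nor newline.
nonprintable_count() {
    LC_ALL=C tr -d '[:print:]\n' < "$1" | wc -c | tr -d ' '
}

# Print findings; return 1 if the two readers would derive different keys.
audit_keyfile() {
    f=$1
    n=$(newline_count "$f")
    if [ "$n" -gt 0 ]; then
        echo "$f: $n newline byte(s) inside the key material"
    fi
    if [ "$(nonprintable_count "$f")" -eq 0 ]; then
        echo "$f: printable ASCII only, key does not use the full byte range"
    fi
    if [ "$(first_line_hex "$f")" != "$(whole_file_hex "$f")" ]; then
        echo "$f: MISMATCH between first-line and whole-file readers"
        return 1
    fi
    return 0
}

# Constructed sample keyfiles in a scratch directory.
demo_dir=$(mktemp -d)
echo 'constructed-sample-key' > "$demo_dir/echo.key"            # trailing newline
printf '%s' 'constructed-sample-key' > "$demo_dir/printf.key"   # no newline
printf '\001\002\n\003\004' > "$demo_dir/binary.key"            # newline mid-key
for k in echo printf binary; do
    audit_keyfile "$demo_dir/$k.key" || true
done
rm -rf "$demo_dir"
```

The binary case shows why a random key is affected as well: any 0x0a byte inside it truncates what a line-oriented reader sees.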