[arch-projects] [initscripts][PATCH] crypttab: warn if using passphrase in /etc/crypttab

Matthew Monaco dgbaley27 at 0x01b.net
Sat Mar 17 14:29:32 EDT 2012


On 03/17/2012 10:36 AM, Thomas Bächler wrote:
> Am 17.03.2012 13:54, schrieb Tom Gundersen:
>> There is no reason not to use a keyfile, and allowing literal passphrases
>> in crypttab has caused issues with the parsing in the past. Furthermore,
>> it is not supported by any other crypttab implementation (to the best of my
>> knowledge). The use of keyfiles has been the recommendation in /etc/crypttab
>> for as long as I can remember.
>>
>> We are looking at refactoring the encryption support, and I think it makes
>> sense to drop support for this when we move to the new implementation.
> 
> There are some special considerations when using keyfiles:
> 
> cryptsetup strips the trailing newline from passphrases, but not from
> keyfiles. When using your passphrase from a keyfile, you need to make
> sure you put it in there without a trailing newline. Or (if you use
> LUKS), you can add any keyfile as a new keyslot.

The Debian manpage just gives a warning. Systemd doesn't do anything about this.
There could just be a warning with instructions on how to remove the newline.
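
The keyfile newline check and fix discussed in this message, as an added example that is not part of the original thread or of initscripts. The function names are hypothetical, the keyfiles are constructed in a temporary directory, and `head -c` is assumed to be available (GNU coreutils or BSD).

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Succeeds (exit 0) if the last byte of FILE is a line feed (0x0a).
# od is used so binary keyfiles containing NUL bytes are read correctly.
keyfile_has_trailing_newline() {
    [ -s "$1" ] || return 1
    last=$(tail -c 1 -- "$1" | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Copy SRC to DST without its single trailing line feed, if it has one.
# DST is created with mode 0600 because it holds key material.
keyfile_strip_newline() {
    src=$1 dst=$2
    (
        umask 077
        if keyfile_has_trailing_newline "$src"; then
            size=$(wc -c < "$src")
            head -c "$((size - 1))" -- "$src" > "$dst"
        else
            cat -- "$src" > "$dst"
        fi
    )
}

# Print the kind of warning proposed in the thread; returns 1 if it fired.
keyfile_warn() {
    if keyfile_has_trailing_newline "$1"; then
        echo "warning: $1 ends with a newline; cryptsetup will treat it as part of the key" >&2
        return 1
    fi
    return 0
}

# Demo on a constructed keyfile in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'correct horse\n' > "$dir/typed.key"   # as saved by an editor or echo
    keyfile_warn "$dir/typed.key" || true
    keyfile_strip_newline "$dir/typed.key" "$dir/fixed.key"
    if keyfile_warn "$dir/fixed.key"; then
        echo "fixed.key: $(wc -c < "$dir/fixed.key") bytes, no trailing newline"
    fi
    rm -rf "$dir"
}
demo
```

Stripping only makes sense for a keyfile that holds a typed passphrase. A keyfile that was itself added as a LUKS keyslot must stay byte-for-byte unchanged, newline included.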

