[arch-projects] [initscripts][PATCH] crypttab: warn if using passphrase in /etc/crypttab

Tom Gundersen teg at jklm.no
Sat Mar 17 08:54:16 EDT 2012

There is no reason not to use a keyfile, and allowing literal passphrases
in crypttab has caused issues with the parsing in the past. Furthermore,
it is not supported by any other crypttab implementation (to the best of my
knowledge). The use of keyfiles has been the recommendation in /etc/crypttab
for as long as I can remember.

We are looking at refactoring the encryption support, and I think it makes
sense to drop support for this when we move to the new implementation.

Cc: Thomas Bächler <thomas at archlinux.org>
Cc: Matthew Monaco <matt at 0x01b.net>
Cc: Dave Reisner <d at falconindy.com>
Signed-off-by: Tom Gundersen <teg at jklm.no>
 functions |    1 +
 1 file changed, 1 insertion(+)

diff --git a/functions b/functions
index 11ab11f..04b7ec4 100644
--- a/functions
+++ b/functions
@@ -444,6 +444,7 @@ do_unlock() {
 			cryptsetup -d "$3" $4 $open "$a" "$b" >/dev/null;;
+			printf "${C_FAIL}crypttab contains a literal encryption key. This will stop working in the future.${C_OTHER}\n"
 			echo "$3" | cryptsetup $4 $open "$a" "$b" >/dev/null;;
 	if (( $? )); then
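Review bot: the added printf in do_unlock() does not say which crypttab entry holds the literal passphrase or what to use instead, so on a machine with several encrypted volumes the admin has to go looking for it. Consider including the entry's volume name in the message and naming the remedy (a keyfile, as the commit message recommends). The warning is also written to stdout and is coloured with C_FAIL although the unlock still proceeds on the next line; sending it to stderr would keep it visible when stdout is redirected. If the message later gains a variable part, pass that part as a printf argument rather than interpolating it into the format string.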
