[arch-projects] [initscripts][PATCH] crypttab: warn if using passphrase in /etc/crypttab
thomas at archlinux.org
Sat Mar 17 12:36:23 EDT 2012
Am 17.03.2012 13:54, schrieb Tom Gundersen:
> There is no reason not to use a keyfile, and allowing literal passphrases
> in crypttab has caused issues with the parsing in the past. Furthermore,
> it is not supported by any other crypttab implementation (to the best of my
> knowledge). The use of keyfiles have been the recomendation in /etc/crypttab
> for as long as I can remember.
> We are looking at refactoring the encryption support, and I think it makes
> sense to drop support for this when we move to the new implementation.
There's some special considerations when using keyfiles:
cryptsetup strips the trailing newline from passphrases, but not from
keyfiles. When using your passphrase from a keyfile, you need to make
sure you put it in there without a trailing newline. Or (if you use
LUKS), you can add any keyfile as a new keyslot.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 900 bytes
Desc: OpenPGP digital signature
More information about the arch-projects