[arch-projects] [initscripts][PATCH] crypttab: warn if using passphrase in /etc/crypttab

Thomas Bächler thomas at archlinux.org
Sat Mar 17 12:36:23 EDT 2012


On 17.03.2012 13:54, Tom Gundersen wrote:
> There is no reason not to use a keyfile, and allowing literal passphrases
> in crypttab has caused issues with the parsing in the past. Furthermore,
> it is not supported by any other crypttab implementation (to the best of my
> knowledge). The use of keyfiles has been the recommendation in /etc/crypttab
> for as long as I can remember.
> 
> We are looking at refactoring the encryption support, and I think it makes
> sense to drop support for this when we move to the new implementation.

There are some special considerations when using keyfiles:

cryptsetup strips the trailing newline from passphrases, but not from
keyfiles. When using your passphrase from a keyfile, you need to make
sure you put it in there without a trailing newline. Or (if you use
LUKS), you can add any keyfile as a new keyslot.
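
The newline difference described in this message, as an added example that is not part of the original post: a shell sketch that detects a keyfile whose last byte is a newline and writes or copies one without it. The function names, the temporary paths and the passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, paths and the
# passphrase are constructed for illustration.

# Succeeds (0) if the last byte of keyfile $1 is a newline (0x0a).
keyfile_ends_with_newline() {
    [ -s "$1" ] || return 1
    [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# Write passphrase $1 to keyfile $2 with no trailing newline, mode 0600.
# printf is a builtin in bash and dash, so no separate process sees it.
write_keyfile() {
    ( umask 077; printf '%s' "$1" > "$2" )
}

# Copy keyfile $1 to $2, dropping exactly one trailing newline if present.
strip_trailing_newline() {
    if keyfile_ends_with_newline "$1"; then
        size=$(wc -c < "$1")
        ( umask 077; head -c "$((size - 1))" "$1" > "$2" )
    else
        ( umask 077; cat "$1" > "$2" )
    fi
}

# Demo on constructed data: the same passphrase saved two ways.
demo_dir=$(mktemp -d)
echo 'correct horse' > "$demo_dir/with_nl.key"        # 14 bytes, ends in \n
write_keyfile 'correct horse' "$demo_dir/exact.key"   # 13 bytes
for f in "$demo_dir"/*.key; do
    if keyfile_ends_with_newline "$f"; then
        echo "${f##*/}: trailing newline, will not match the typed passphrase"
    else
        echo "${f##*/}: no trailing newline"
    fi
done
rm -rf "$demo_dir"
```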
