diff --git a/ChangeLog b/ChangeLog
index 917b1f97..9693ed5e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2012-03-16  Milan Broz  <mbroz@redhat.com>
+	* Unify password verification option.
+	* Support password verification with quiet flag if possible. (1.2.0)
+
 2012-02-11  Milan Broz  <mbroz@redhat.com>
 	* Add --master-key-file option to luksOpen (open using volume key).
 
diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c
index c95e50bd..cf393388 100644
--- a/lib/utils_crypt.c
+++ b/lib/utils_crypt.c
@@ -273,7 +273,7 @@ int crypt_get_key(const char *prompt,
 	/* Passphrase read from stdin? */
 	read_stdin = (!key_file || !strcmp(key_file, "-")) ? 1 : 0;
 
-	if(read_stdin && isatty(STDIN_FILENO))
+	if (read_stdin && isatty(STDIN_FILENO))
 		return crypt_get_key_tty(prompt, key, key_size, timeout, verify, cd);
 
 	if (read_stdin)
diff --git a/man/cryptsetup.8 b/man/cryptsetup.8
index a396439c..70d5a05f 100644
--- a/man/cryptsetup.8
+++ b/man/cryptsetup.8
@@ -247,6 +247,9 @@ and it is full 64bit version of plain IV. For more info please see FAQ.
 .B "\-\-verify-passphrase, \-y"
 query for passwords twice. Useful when creating a (regular) mapping
 for the first time, or when running \fIluksFormat\fR.
+
+Password verification option is ignored if requested on non terminal
+input (like pipe of file).
 .TP
 .B "\-\-key-file, \-d"
 use file as key material.
@@ -347,8 +350,10 @@ This option is only relevant to the LUKS operations as
 Note that 0 means default.
 .TP
 .B "\-\-batch-mode, \-q"
-Do not ask for confirmation. Use with care! This option is only relevant
-for \fIluksFormat\fR, \fIluksAddKey\fR, \fIluksRemoveKey\fR or \fIluksKillSlot\fR.
+Do not ask for confirmation. Use with care!
+
+If \-y option is not specified, batch mode option also switches off
+passphrase verification for \fIluksFormat\fR.
 .TP
 .B "\-\-timeout, \-t"
 The number of seconds to wait before timeout. This option is relevant every
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 055f046e..141d0d8c 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -152,7 +152,7 @@ static int _yesDialog(const char *msg, void *usrptr __attribute__((unused)))
 	size_t size = 0;
 	int r = 1;
 
-	if(isatty(0) && !opt_batch_mode) {
+	if(isatty(STDIN_FILENO) && !opt_batch_mode) {
 		log_std("\nWARNING!\n========\n");
 		log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
 		if(getline(&answer, &size, stdin) == -1) {
@@ -199,6 +199,24 @@ static void _quiet_log(int level, const char *msg, void *usrptr)
 	_log(level, msg, usrptr);
 }
 
+static int _verify_passphrase(int def)
+{
+	/* Batch mode switch off verify - if not overrided by -y */
+	if (opt_verify_passphrase)
+		def = 1;
+	else if (opt_batch_mode)
+		def = 0;
+
+	/* Non-tty input doesn't allow verify */
+	if (def && !isatty(STDIN_FILENO)) {
+		if (opt_verify_passphrase)
+			log_err(_("Can't do passphrase verification on non-tty inputs.\n"));
+		def = 0;
+	}
+
+	return def;
+}
+
 static void show_status(int errcode)
 {
 	char error[256], *error_;
@@ -294,7 +312,7 @@ static int action_create(int arg __attribute__((unused)))
 		r = crypt_get_key(_("Enter passphrase: "),
 				  &password, &passwordLen, opt_keyfile_size,
 				  NULL, opt_timeout,
-				  opt_batch_mode ? 0 : opt_verify_passphrase,
+				  _verify_passphrase(0),
 				  cd);
 		if (r < 0)
 			goto out;
@@ -510,7 +528,6 @@ static int action_luksFormat(int arg __attribute__((unused)))
 
 	keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8;
 
-	crypt_set_password_verify(cd, 1);
 	crypt_set_timeout(cd, opt_timeout);
 	if (opt_iteration_time)
 		crypt_set_iteration_time(cd, opt_iteration_time);
@@ -522,7 +539,7 @@ static int action_luksFormat(int arg __attribute__((unused)))
 
 	r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
 			  opt_keyfile_size, opt_key_file, opt_timeout,
-			  opt_batch_mode ? 0 : 1 /* always verify */, cd);
+			  _verify_passphrase(1), cd);
 	if (r < 0)
 		goto out;
 
@@ -582,6 +599,7 @@ static int action_luksOpen(int arg __attribute__((unused)))
 
 	crypt_set_timeout(cd, opt_timeout);
 	crypt_set_password_retry(cd, opt_tries);
+	crypt_set_password_verify(cd, _verify_passphrase(0));
 
 	if (opt_iteration_time)
 		crypt_set_iteration_time(cd, opt_iteration_time);
@@ -628,7 +646,7 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
 
 	r = crypt_get_key(msg_pass, &password, &passwordLen,
 			  keyfile_size, key_file, opt_timeout,
-			  opt_batch_mode ? 0 : opt_verify_passphrase, cd);
+			  _verify_passphrase(0), cd);
 	if(r < 0)
 		goto out;
 
@@ -718,7 +736,7 @@ static int action_luksRemoveKey(int arg __attribute__((unused)))
 		      &password, &passwordLen,
 		      opt_keyfile_size, opt_key_file,
 		      opt_timeout,
-		      opt_batch_mode ? 0 : opt_verify_passphrase,
+		      _verify_passphrase(0),
 		      cd);
 	if(r < 0)
 		goto out;
@@ -762,7 +780,8 @@ static int action_luksAddKey(int arg __attribute__((unused)))
 		goto out;
 
 	keysize = crypt_get_volume_key_size(cd);
-	crypt_set_password_verify(cd, opt_verify_passphrase ? 1 : 0);
+	/* FIXME: lib cannot properly set verification for new/old passphrase */
+	crypt_set_password_verify(cd, _verify_passphrase(0));
 	crypt_set_timeout(cd, opt_timeout);
 	if (opt_iteration_time)
 		crypt_set_iteration_time(cd, opt_iteration_time);
@@ -819,7 +838,7 @@ static int action_luksChangeKey(int arg __attribute__((unused)))
 	r = crypt_get_key(_("Enter LUKS passphrase to be changed: "),
 		      &password, &passwordLen,
 		      opt_keyfile_size, opt_key_file, opt_timeout,
-		      opt_batch_mode ? 0 : opt_verify_passphrase, cd);
+		      _verify_passphrase(0), cd);
 	if (r < 0)
 		goto out;
 
@@ -856,7 +875,7 @@ static int action_luksChangeKey(int arg __attribute__((unused)))
 	r = crypt_get_key(_("Enter new LUKS passphrase: "),
 			  &password, &passwordLen,
 			  opt_new_keyfile_size, opt_new_key_file,
-			  opt_timeout, opt_batch_mode ? 0 : 1, cd);
+			  opt_timeout, _verify_passphrase(0), cd);
 	if (r < 0)
 		goto out;
 
@@ -1021,6 +1040,7 @@ static int action_luksResume(int arg __attribute__((unused)))
 
 	crypt_set_timeout(cd, opt_timeout);
 	crypt_set_password_retry(cd, opt_tries);
+	crypt_set_password_verify(cd, _verify_passphrase(0));
 
 	if (opt_key_file)
 		r = crypt_resume_by_keyfile(cd, action_argv[0], CRYPT_ANY_SLOT,
diff --git a/tests/compat-test b/tests/compat-test
index 6ecf3114..b247a523 100755
--- a/tests/compat-test
+++ b/tests/compat-test
@@ -313,7 +313,7 @@ echo "key0" | $CRYPTSETUP -q create $DEV_NAME --hash sha1 --size 100 $LOOPDEV ||
 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
 $CRYPTSETUP -q remove  $DEV_NAME || fail
 # verify is ignored on non-tty input
-echo "key0" | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase || fail
+echo "key0" | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase 2>/dev/null || fail
 $CRYPTSETUP -q remove  $DEV_NAME || fail
 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail
 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size -1 2>/dev/null && fail