* Fix key slot iteration count calculation (small -i value was the same as default).
* The slot and key digest iteration minimun is now 1000.
* The key digest iteration # is calculated from iteration time (approx 1/8 of that).
If something very strange happens, and the generated key is not completely random
(wrong RNG), attacker can skip the whole kesylot area processing and try to
brute force key according to limited set of keys.
The iteration time (default, inherited from slot iteration time, is cca 120ms)
can make this attack slower, if not impossible.
Note, that this is just theorethic problem, anyway it is better to be prepared
if possible:-)
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@159 36d66b0a-2a48-0410-832c-cd162a569da5
with various udev-event tools which wrongly scan and open
internal temporary cryptsetup devices.
If cryptsetup run in debug mode (--debug) and remove of device
fails, code scan /proc directory and tries to find process name
which locked that device.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@141 36d66b0a-2a48-0410-832c-cd162a569da5
DM_UUID now contains prefix (CRYPT-), device type (LUKS1, PLAIN, TEMP),
UUID (if provided - LUKS) and device name.
Because e.g. snapshot of full LUKS device during activation must have different
name, DM-UUID is different too and we do not need --disable-uuid option.
DM-UUID is persistent during activation time.
* Revert (and solve different way): Replace not safe option --non-exclusive with --disable-uuid.
Signed-off-by: Milan Broz <mbroz@redhat.com>
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@105 36d66b0a-2a48-0410-832c-cd162a569da5
* Add ability to provide pre-generated master key and UUID in LUKS header format.
* Add LUKS function to verify master key digest.
* Move key slot manuipulation function into LUKS specific code.
Signed-off-by: Milan Broz <mbroz@redhat.com>
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@94 36d66b0a-2a48-0410-832c-cd162a569da5
* Keyfile now must be provided by path, only stdin file descriptor is used (api only).
* Do not call isatty() on closed keyfile descriptor.
Signed-off-by: Milan Broz <mbroz@redhat.com>
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@93 36d66b0a-2a48-0410-832c-cd162a569da5
Device mapper device should use UUID string if possible.
UDEV can then easily distinguish the device type etc.
cryptsetup now uses CRYPT prefix for uuid.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@55 36d66b0a-2a48-0410-832c-cd162a569da5
* Allow deletion of key slot while other keys have the same key
information (that implied rewritting verification logic).
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@41 36d66b0a-2a48-0410-832c-cd162a569da5
Cryptsetup keeps some sectors (between the physical LUKS header
and keyslot data) on disk untouched, unfortunatelly ext2/3/4 signature can
be there and blkid detects filesystem here instead of LUKS.
This patch wipes the first eight sectors on disk with zero during luksFormat.
This should be probably solved by physical header padding in next version.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@38 36d66b0a-2a48-0410-832c-cd162a569da5
(All password related errors still return -EPERM - "No key available with this passphrase.")
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@33 36d66b0a-2a48-0410-832c-cd162a569da5
* write_lseek_blockwise: declare innerCount outside the if block
* add -Wall to the default CFLAGS
* fix some signedness issues
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@29 36d66b0a-2a48-0410-832c-cd162a569da5
