| 2013-08-09 19:19:14 |
Jedna Dvatři |
description |
To reproduce:
1. Attempt to add a new key by invoking "cryptsetup -y luksAddKey [encrypted_dev_file]".
2. See the "Enter any passphrase:" prompt appear, followed by "Verify passphrase:".
Expected behavior:
User enters his new desired passphrase, which is assigned to a key slot.
Actual behavior:
Failure with message, "No key available with this passphrase." (In fact, the prompt wants an existing passphrase at this stage.)
Suggested fix:
1. The prompt should be changed to something clearer, like "Enter any existing passphrase:".
2. The second, "Verify passphrase:" prompt at this stage should be eliminated. Verification seems useless in entering an existing password. It reenforces the user's mistaken assumption that a new password is what's expected. It seems to contradict the cryptsetup man page on the '-y' option, which states, "[A mismatch is a]dvised when creating a regular mapping for the first time, or when running luksFormat." We are doing neither of those things when we are entering an existing password.
References:
http://ubuntuforums.org/showthread.php?t=1566538
http://www.saout.de/pipermail/dm-crypt/2010-September/001177.html |
To reproduce:
1. Attempt to add a new key by invoking "cryptsetup -y luksAddKey [encrypted_dev_file]".
2. See the "Enter any passphrase:" prompt appear, followed by "Verify passphrase:".
Expected behavior:
User twice enters her desired new passphrase, which is assigned to a key slot.
Actual behavior:
Failure with message, "No key available with this passphrase." (In fact, the prompt wants an existing passphrase at this stage.)
Suggested fix:
1. The prompt should be changed to something clearer, like "Enter any existing passphrase:".
2. The second, "Verify passphrase:" prompt at this stage should be eliminated. Verification seems useless in entering an existing password. It reenforces the user's mistaken assumption that a new password is what's expected. It seems to contradict the cryptsetup man page on the '-y' option, which states, "[A mismatch is a]dvised when creating a regular mapping for the first time, or when running luksFormat." We are doing neither of those things when we are entering an existing password.
References:
http://ubuntuforums.org/showthread.php?t=1566538
http://www.saout.de/pipermail/dm-crypt/2010-September/001177.html |
|
