ecryptfs-recover-private reports success even when MOUNT passphrase is wrong

Bug #1001933 reported by Jakob Unterwurzacher on 2012-05-20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
ecryptfs-utils (Ubuntu)

Bug Description

When you use ecryptfs-recover-private to mount an encrypted directory by MOUNT passphrase, it reports success even if the passphrase is wrong.
The directory is mounted but is full of ECRYPTFS_FNEK_ENCRYPTED* files that trigger kernel errors when accessed.
The script should detect such a situation and output an error instead of "Success!".

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ecryptfs-utils 96-0ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-24.37-generic 3.2.14
Uname: Linux 3.2.0-24-generic x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Sun May 20 14:52:42 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120328)
SourcePackage: ecryptfs-utils
UpgradeStatus: No upgrade log present (probably fresh install)

Jakob Unterwurzacher (jakobunt) wrote :

Confirmed, when using ecryptfs-recover-private, answering no to "Do you know your LOGIN passphrase?" and being prompted for mount passphrase, inputting a wrong passphrase still results in Success! message, and encrypted filenames which cannot be read appear in the /tmp mount directory.

Changed in ecryptfs-utils (Ubuntu):
status: New → Confirmed
Tyler Hicks (tyhicks) on 2014-10-24
Changed in ecryptfs-utils (Ubuntu):
importance: Undecided → Low
status: Confirmed → Triaged
Jason Xing (wlxing) on 2017-03-31
Changed in ecryptfs-utils (Ubuntu):
status: Triaged → Fix Released
Jason Xing (wlxing) wrote :

I tested on Ubuntu Precise and Trusty and it works very well. The bug has been fixed !
Good Job!

Jason Xing (wlxing) wrote :

This hasn't been fixed yet. My apologize : -(

Who have the access to change the status to "triage" or "confirmed"? It seems that I cannot change it anymore.

Jason Xing (wlxing) wrote :

My apologize. It works successfully when I enter the wrong mount passphrase.
However, it doesn't need to be fixed really. When we mount eCryptfs, we also could enter different passphrases and decrypt certain files. It's the design of eCryptfs, I think.

One thing we're supposed to do is to display the information(warning) like "Mount successfully. But maybe the mount passphrase is not the right key to decrypt your private data. Please check the directory mounted carefully".

What do you guys say about this? Any information/suggestions are welcome!


To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers