
Bug#478598: partman-crypto: problems with using random keys



Package: partman-crypto
Version: 30

There seems to be some bug in the way settings are saved for encrypted 
partitions, because doing things in a different order gives a completely 
different result.

Base situation:
- regular install up to partitioning
- choose "Guided - use entire disk"
- choose disk and "All files in one partition"

Next, the idea is to make the swap partition use loop-aes with random key.

"Correct" method:
- select the swap partition
- choose Use as: physical volume for encryption
- choose Encryption method: Loopback
- choose Encryption key: Random key
- choose Erase data: no
- Done setting up partition
- Proceed with "Configure encrypted volumes", OK to write changes to disk.

After this the process completes immediately, apparently successfully. I do 
*not* get the dialog asking to enter random keys. This seems like it could 
be a bug, especially given that I am asked to do so with the next example.

"Incorrect" method:
- select the swap partition
- choose Use as: physical volume for encryption
- choose Encryption key: Random key
- choose Encryption method: Loopback
Note that I now select the key type before the method.
- choose Erase data: no
- Done setting up partition
- Proceed with "Configure encrypted volumes", OK to write changes to disk.

After this I am first asked to enter an encryption passphrase, even though 
there is no partition that uses one. This is a bug.

After that I *am* asked to enter random characters, with the progress bar at 
only 2%. Getting sufficient entropy literally takes ages: getting from 5 
to 10% takes 20 seconds. I don't remember it taking that long with previous 
tests I've done.

Question
Is "Random key" a valid choice when using dm-crypt? The interface does allow 
it, but I seem to remember that supporting random keys was the reason why 
we still needed support for loop-aes.

Cheers,
FJP
