FS#38550 : [cryptsetup] LUKS passphrase not accepted.

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#38550 - [cryptsetup] LUKS passphrase not accepted.

Attached to Project: Arch Linux
Opened by Claire Farron (clfarron4) - Friday, 17 January 2014, 10:12 GMT
Last edited by Thomas Bächler (brain0) - Friday, 28 February 2014, 12:01 GMT

Task Type	Bug Report
Category	Upstream Bugs
Status	Closed
Assigned To	Thomas Bächler (brain0)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	3 indianahorst (indianahorst) (2014-01-25) No No (bk) (2014-01-17) plasmoid (plasmoid) (2014-01-17)
Private	No

Details

Description: Some users are not able to unlock their LUKS passphrase after updates to cryptsetup (now version 1.6.3) and libgcrypt (1.6.0) with containers created with previous versions of both packages.

Containers created with cryptsetup 1.6.3 and libgcrypt 1.6.0 seem not to be affected

Additional info:
BBS Thread: https://bbs.archlinux.org/viewtopic.php?pid=1371687

Steps to reproduce:
Create LUKS container with cryptsetup < 1.6.3 and libgcrypt < 1.6.0, update to versions in repositories and try to unlock container.

This task depends upon

Closed by Thomas Bächler (brain0)
Friday, 28 February 2014, 12:01 GMT
Reason for closing: None
Additional comments about closing: Workaround available.

Comments (5)
Related Tasks (0/0)

Comment by No No (bk) - Friday, 17 January 2014, 22:25 GMT

Issue opened at https://code.google.com/p/cryptsetup/issues/detail?id=200
Two threads started http://www.saout.de/pipermail/dm-crypt/2014-January/003799.html http://www.saout.de/pipermail/dm-crypt/2014-January/003813.html

Comment by No No (bk) - Saturday, 18 January 2014, 19:34 GMT

My current workaround was this:
- cryptsetup-reencrypt -h sha1 /dev/sdaX
- upgrade to libgcrypt 1.6.0
- cryptsetup-reencrypt -h whirlpool /dev/sdaX

I skipped my last point to save time a reencrypt-run takes.

Remember: cryptsetup-reencrypt is experimental!

Comment by No No (bk) - Monday, 20 January 2014, 22:07 GMT

Bug emulation flag added
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=94030e44aaff805d754e368507f16dd51a531b72

Will be backported
http://www.saout.de/pipermail/dm-crypt/2014-January/003823.html

Comment by Thomas Bächler (brain0) - Thursday, 06 February 2014, 22:34 GMT

Fact is, the old cryptsetup/libgcrypt used an incorrect version of the whirlpool hash. It's possible to use the old libgcrypt (or new libgcrypt with bug emulation flag) to retrieve the master key and regenerate the LUKS header (without reencrypting the data). Other than that, all we can do is wait for cryptsetup to learn to work around this. I'd advise everyone to fix their LUKS headers instead.

Comment by Thomas Bächler (brain0) - Friday, 28 February 2014, 12:01 GMT

There is a workaround with the latest cryptsetup: http://www.saout.de/pipermail/dm-crypt/2014-February/003956.html

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Arch Linux

FS#38550 - [cryptsetup] LUKS passphrase not accepted.

Details

Loading...