On 16.05.2010 14:36, Jan Engelhardt wrote:
> [Replying to 
> http://thread.gmane.org/gmane.linux.gentoo.user/229533/focus=229542 
> ]
> 
> In my personal opinion, both the quality of shell commands and key 
> generation is suboptimal. What makes it bad is that people follow 
> it.
> 
> First, it generates a key which does not exploit the entire space. 
> People claim it's because they want an ASCII readout, but frankly, 
> you get the same with `hexdump -C`.
> 
> Second, it's using echo without the -n parameter, thus implicitly 
> inserting a newline into the key -- which is the cause for your 
> observed mounting problems.
> 
> Third, because you are passing the key via stdin into cryptsetup, it 
> only uses the first line of whatever you pipe into it; whereas 
> pam_mount uses the entire keyfile as it is supposed to be.
> 
> (Fourth, the howto suggests ECB, which, well, looks rather weak 
> considering the ECB's Tux picture on Wikipedia.)
> 
> All of that should be in doc/bugs.txt, and mount.crypt even warns 
> about ECB. You really cannot ignore seeing that.
> 
> Phew!

Jan, thanks for your suggestions.

I created a new LUKS-volume and tried to avoid all the mentioned
pitfalls (I used "echo -n", avoided stdin etc.), but this didn't help here.

The new volume is not mounted with pam_mount-2.1, but mounted OK with
pam_mount-1.33.

And, btw, as mentioned in the original thread, I use CBC, not ECB ;-)

-- (Your CCing Daniel didn't work maybe, wrong address, I corrected it
for this reply)

-- I CC: ha...@gentoo.org to link to the gentoo bug

http://bugs.gentoo.org/show_bug.cgi?id=318865

Thanks, regards, Stefan
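
Added example, not part of either message in this thread: a shell sketch of the second and third points quoted above, comparing the key bytes a whole-file reader and a first-line reader derive from the same keyfile. The key value, file names and helper functions are constructed for illustration, and `printf '%s'` stands in as the portable form of `echo -n`.

```shell
#!/bin/sh
# Added illustration; KEY and the file names are constructed sample values.
KEY='constructed-sample-key'
DIR=$(mktemp -d)
trap 'rm -rf "$DIR"' EXIT

# Hex of every byte in the file: what a whole-file reader uses as the key
# (the thread says pam_mount reads the keyfile this way).
whole_file_hex() { od -An -v -tx1 "$1" | tr -d ' \n'; }

# Hex of the bytes before the first newline: what a first-line reader uses
# (the thread says cryptsetup does this with a key piped on stdin).
first_line_hex() { head -n 1 "$1" | tr -d '\n' | od -An -v -tx1 | tr -d ' \n'; }

# Succeeds only if both readers derive the same key bytes from the file.
readers_agree() { [ "$(whole_file_hex "$1")" = "$(first_line_hex "$1")" ]; }

echo "$KEY"        > "$DIR/echo.key"      # trailing 0x0a becomes part of the file
printf '%s' "$KEY" > "$DIR/printf.key"    # portable equivalent of `echo -n`
printf 'ab\ncd'    > "$DIR/embedded.key"  # stands in for a binary key containing 0x0a

for f in echo printf embedded; do
    if readers_agree "$DIR/$f.key"; then verdict=same; else verdict=DIFFERENT; fi
    printf '%-9s whole=%s first-line=%s -> %s\n' "$f" \
        "$(whole_file_hex "$DIR/$f.key")" "$(first_line_hex "$DIR/$f.key")" "$verdict"
done
```

Only the keyfile written without a trailing newline and without an embedded 0x0a byte yields the same key for both readers.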
