OpenMediaVault-Plugin-Developers/openmediavault-luksencryption

Testing keys always successful for passphrase with space

sam-d opened this issue · 6 comments

sam-d commented

When using the GUI and clicking Keys->Test, any input containing at least one space character (e.g. '1 2') will return successfully.

I have recently set up encryption on my drives and was unsure if I remembered the passphrase correctly. So I used the test keys function, which reported a successful unlock. Now, after an unexpected reboot, I cannot unlock my disks anymore. How are passphrases with space characters handled?

sam-d commented

Related to #20 ?

There is no special space character treatment; all keys are parsed through escapeshellarg.
On the test passphrase, I just quickly tested in OMV4 on my prod server and yes, it does show that behaviour. It is strange; the code for testing is pretty much the same as for open in terms of concatenating the strings to build the command and pass it to the OS.
I'll take a look and see if I can find what the issue is here.

You can drop down to the terminal to unlock your disks if you suspect the plugin is not handling your passphrase correctly.

I think the issue is with this line

I don't know why it behaves differently when calling the command with bash directly than with plain echo. With the current code the return is always zero when a space is in the pass; it doesn't even execute the cryptsetup command at all.

/bin/bash -c 'echo -n 'dark moon' | cryptsetup luksOpen -v --test-passphrase '/dev/sdh' --key-file=-'

It is a quoting issue; it should be

/bin/bash -c "echo -n 'dark moon' | cryptsetup luksOpen -v --test-passphrase '/dev/sdh' --key-file=-"

Also, getting rid of the /bin/bash works.

sam-d commented

Thank you for looking into it and confirming the issue.

I was unsure if I correctly remembered my passphrase, so I used this function to test my suspicion, at a time when the disks were still unlocked. Since it returned successfully, I assumed I knew the correct passphrase. Now that the disks are locked, it turns out I do not remember the correct passphrase and I am effectively locked out and will have to wipe my disks. I would appreciate a fix so this does not happen to somebody else.

I understand. You can use a file with a long passphrase to encrypt the disk. I usually keep those on another encrypted USB disk, in a password-zipped file, and printed.

This also happens to affect add key if the passphrase has a space.
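
The quoting failure discussed in this thread, reproduced as an added example (not the plugin's code and not posted by any participant). Assumptions: `grep -qxF "$KEY"` stands in for `cryptsetup luksOpen --test-passphrase --key-file=-`, and the key, `sq` and the `test_key_*` function names are constructed for illustration. The last variant goes beyond the thread's fix by keeping the passphrase out of the command text entirely.

```shell
#!/bin/sh
# Constructed stand-in: `grep -qxF "$KEY"` plays the role of
# `cryptsetup luksOpen --test-passphrase --key-file=-` (exit 0 only when
# stdin equals the real key). KEY is a made-up passphrase.
KEY='dark moon'; export KEY

# sq: single-quote one argument the way PHP's escapeshellarg does on Unix.
sq() { printf "'%s'" "$(printf %s "$1" | sed "s/'/'\\\\''/g")"; }

# Pattern from the thread: the quoted passphrase is spliced into a
# bash -c '...' wrapper. Its quotes close the wrapper's quotes, so for
# "a b" bash receives the script `echo -n a` and the rest becomes $0.
# The verifier after the pipe never runs and the exit status is 0.
test_key_broken() {
    cmd="bash -c 'echo -n $(sq "$1") | grep -qxF \"\$KEY\"'"
    sh -c "$cmd" >/dev/null 2>&1
}

# Thread's second fix: no bash -c wrapper, so only one level of quoting.
test_key_unwrapped() {
    cmd="printf %s $(sq "$1") | grep -qxF \"\$KEY\""
    sh -c "$cmd" >/dev/null 2>&1
}

# Added variant: the passphrase travels over stdin and is never part of
# any string a shell has to parse.
test_key_stdin() {
    printf %s "$1" | bash -c 'grep -qxF "$KEY"' >/dev/null 2>&1
}

# Show how each variant judges the right key, a wrong key with a space,
# and a wrong key without one.
for p in 'dark moon' '1 2' 'wrongpass'; do
    for f in test_key_broken test_key_unwrapped test_key_stdin; do
        if "$f" "$p"; then r=accepted; else r=rejected; fi
        printf '%-20s %-12s %s\n' "$f" "'$p'" "$r"
    done
done
```

A key test built this way is only trustworthy if a deliberately wrong passphrase containing a space is rejected, which makes that input a useful regression check.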