Remove limit for passphrase length
Closed this issue · 10 comments
Hi. I'm running zulucrypt on Debian Buster. I noticed zulucrypt enforces a max passphrase length silently. It is recommended by the EFF to use diceware to generate easy to remember and strong passwords. For PQ security we recommend our users use a 20 word phrase for 128 bit entropy if quantum computers become a reality. I noticed that whenever I try adding such a passphrase and try to reopen the volume, it fails. It seems zulucrypt truncates the original passphrase silently without alerting users.
There is no need to set arbitrary limits on password length. The longer the better.
What backend are you using?
TrueCrypt and VeraCrypt volumes have a policy of a 64 character password limit. I am certain TrueCrypt GUI silently drops all extra characters since the GUI is no longer developed and it behaved this way last time I tried it. Not sure about VeraCrypt now but it worked the same last time I tested it.
What backend are you using?
LUKS1
zuluCrypt has an 8MB password limit and, from memory, I got this limit from cryptsetup.
zuluCrypt has a 1MB limit for keyfile size and I got this limit from TrueCrypt.
Are you using a password or a keyfile?
How many characters are in your key?
I'm using a password or "key" as it is called.
How many characters are in your key?
Approx 150. Each diceware word is roughly 7 characters long
Your key is too short and it should work as expected with LUKS based volumes.
Are you sure the problem is key truncation by zuluCrypt?
What version of zuluCrypt are you using and from what distribution?
Are you sure the problem is key truncation by zuluCrypt?
What else could it be in your opinion?
5.4.0-3 from Debian Buster
OK played around with it some more and it seems the password length limit is set to 100 characters. Anything more than that is silently discarded.
You are correct, and this seems to be a bug in Qt since the default value is set to 100 instead of the documented value of 32767[1].
The bug should be gone in the git version since I am now explicitly setting the max value of 32767.
I am closing this one since the reported issue is now gone in the git version.
If all goes according to plan, the next version of zuluCrypt will be released on the first of next month.
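One way to catch this class of silent truncation before a release, as an added example that is not zuluCrypt's code or part of the thread: a check that flags password-mode `QLineEdit` widgets whose stored `maxLength` is below the 32767 cited above. It assumes the dialogs are defined in Qt Designer `.ui` XML; the sample form and its widget names are constructed.

```python
import xml.etree.ElementTree as ET

QT_DOCUMENTED_MAX = 32767  # value cited in the thread as Qt's documented default

# Constructed sample form; the widget names are hypothetical.
SAMPLE_UI = """<ui version="4.0">
 <widget class="QDialog" name="openVolume">
  <widget class="QLineEdit" name="lineEditKey">
   <property name="maxLength"><number>100</number></property>
   <property name="echoMode"><enum>QLineEdit::Password</enum></property>
  </widget>
  <widget class="QLineEdit" name="lineEditKeyConfirm">
   <property name="echoMode"><enum>QLineEdit::Password</enum></property>
  </widget>
  <widget class="QLineEdit" name="lineEditMountPoint">
   <property name="maxLength"><number>255</number></property>
  </widget>
 </widget>
</ui>
"""

def _prop(widget, name, tag):
    """Return the text of <property name=NAME><TAG>..</TAG></property>, or None."""
    for prop in widget.findall("property"):
        if prop.get("name") == name:
            node = prop.find(tag)
            return node.text if node is not None else None
    return None

def find_truncating_password_fields(ui_xml, minimum=QT_DOCUMENTED_MAX):
    """List (widget name, maxLength) for password fields capped below `minimum`."""
    findings = []
    for widget in ET.fromstring(ui_xml).iter("widget"):
        if widget.get("class") != "QLineEdit":
            continue
        echo = _prop(widget, "echoMode", "enum") or ""
        if "Password" not in echo:  # only secret-entry fields matter here
            continue
        raw = _prop(widget, "maxLength", "number")
        if raw is None:  # no explicit cap stored in the form
            continue
        if int(raw) < minimum:
            findings.append((widget.get("name"), int(raw)))
    return findings

if __name__ == "__main__":
    for name, cap in find_truncating_password_fields(SAMPLE_UI):
        print(f"{name}: maxLength={cap} would silently truncate longer passphrases")
```

Run against a project's `.ui` files in CI, a non-empty result fails the build, so a 150-character passphrase is never cut to 100 without anyone noticing.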
Thanks. Reported downstream for patch uplifting: