Package: cryptsetup
Version: 20050111-3
Severity: normal
Tags: patch

Hi,

this patch documents the fact that the "-d" option disables password hashing. I stumbled across this since I thought using "-d /dev/stdin" is the same as using cryptsetup without -d. But this is only true if "-h plain" is used (i.e. hashing is disabled).

Regards,
Bastian

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (900, 'unstable'), (800, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13-treasure2
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages cryptsetup depends on:
ii  dmsetup           2:1.01.05-1  The Linux Kernel Device Mapper use
ii  libc6             2.3.5-7      GNU C Library: Shared libraries an
ii  libdevmapper1.01  2:1.01.05-1  The Linux Kernel Device Mapper use
ii  libgcrypt11       1.2.2-1      LGPL Crypto library - runtime libr
ii  libgpg-error0     1.1-4        library for common error values an
ii  libpopt0          1.7-5        lib for parsing cmdline parameters

cryptsetup recommends no packages.

-- no debconf information

--- cryptsetup.sgml 2005-10-25 00:19:14.994887815 +0200 +++ /home/calvin/cryptsetup.sgml_fixed 2005-10-25 00:18:55.226877595 +0200 @@ -100,8 +100,13 @@ <term><option>-d</option> <replaceable>STRING</replaceable>, <option>--key-file=</option><replaceable>STRING</replaceable> </term> <listitem> - <para>Read the key from a file (can be - <filename>/dev/random</filename>).</para> + <para>Read the raw key data from a file (can be +<filename>/dev/random</filename>). The key data will not +be hashed, ie. the <option>-h</option> option will be ignored. +This implies that <option>-d</option> + <literal>/dev/stdin</literal> is only the same as running +<literal>cryptsetup</literal> without the <option>-d</option> option when +<option>-h</option> <literal>plain</literal> is used.</para> </listitem> </varlistentry> <varlistentry> @@ -186,8 +191,8 @@ <refsect1> <title>EXAMPLES</title> <programlisting>cryptsetup create crypted\-hda1 /dev/hda1</> - <programlisting>openssl enc -d -aes-256-ecb -in crypt.key | \\ - cryptsetup -c twofish -d /dev/stdin create _dev_hda1 /dev/hda1</> + <programlisting>openssl enc \-d \-aes\-256\-ecb \-in crypt.key | \\ + cryptsetup \-c twofish \-h sha512 create _dev_hda1 /dev/hda1</> <programlisting>cryptsetup remove crypted\-hda1</> </refsect1> <refsect1>
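
Review bot: in the first hunk (the `-d` / `--key-file` entry), the added paragraph says the key data "will not be hashed" but does not say what that means for the contents of the file; since the bytes are used as the key as-is, it would help to add that the file should hold random key material of the right length rather than a typed passphrase. Two style points in the same paragraph: `/dev/stdin` is marked up as `<literal>` while `/dev/random` two lines earlier uses `<filename>`, so `<filename>/dev/stdin</filename>` would be consistent, and "ie." should read "i.e.". Several of the added lines also start at column 0 while the lines around them are indented.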
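
Review bot: the second hunk (EXAMPLES) removes `-d /dev/stdin` and adds `-h sha512`, which changes what the example does, and the report text only mentions documenting `-d`. By the wording added in the first hunk, the old command used the decrypted bytes as the raw key and the new one hashes its stdin input, so the two commands produce different keys for the same `crypt.key`. Suggest either keeping the `-d /dev/stdin` example and adding the `-h sha512` form next to it, or adding a sentence under EXAMPLES saying which behaviour is intended, so readers who set up a volume with the old example are not led to a command that derives a different key.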