Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Testing keys always successful for passphrase with space #30

Open
sam-d opened this issue Oct 7, 2019 · 6 comments
Open

Testing keys always successful for passphrase with space #30

sam-d opened this issue Oct 7, 2019 · 6 comments

Comments

@sam-d
Copy link

sam-d commented Oct 7, 2019

When using the GUI and clicking Keys->Test, any input containing at least one space character (e.g. '1 2') will return succesfully.

I have recently set up encryption on my drives and was unsure if I remembered the passphrase correctly. So I used the test keys function, which reported succesful unlock. Now, after an unexpected reboot I cannot unlock my disks anymore. How are passphrases with space characters handled?
@sam-d
Copy link
Author

sam-d commented Oct 7, 2019

Related to #20 ?

@subzero79
Copy link

There is no special space character treatment, all keys are parsed through escapeshellarg
On the test passphrase, i just quick tested in omv4 in my prod server and yes it does show that behaviour. Is strange, the code for testing is pretty much the same for open in terms of concatenating the strings to build the command and pass it to the OS.
I'll take a look see if i can find what's the issue here.

You can drop down to terminal to unlock your disks if you suspect the plugin is not handling correctly your passphrase

@subzero79
Copy link

subzero79 commented Oct 8, 2019
edited
Loading

I think the issue is with this line

openmediavault-luksencryption/usr/share/php/openmediavault/system/storage/luks/container.inc

Line 631 in 939bc78

$cmd = sprintf("/bin/bash -c 'echo -n %s | ".

Don't know why it behaves differently calling the command with bash directly than plain echo. At current code the return is always zero, when a space is in the pass, doesn't even execute the cryptsetup command at all

/bin/bash -c 'echo -n 'dark moon' | cryptsetup luksOpen -v --test-passphrase '/dev/sdh' --key-file=-'

is a quoting issue should be

/bin/bash -c "echo -n 'dark moon' | cryptsetup luksOpen -v --test-passphrase '/dev/sdh' --key-file=-"

Also getting rid of the /bin.bash works

@sam-d
Copy link
Author

sam-d commented Oct 8, 2019

Thank you for looking into it and confirming the issue.

I was unsure if I correctly remembered my passphrase, so I have used this function to test my suspicion, at a time were the disks were still unlocked. Since it returned successfully I assumed knowing the correct passphrase. Now that the disks are locked, it turns out I do not remember the correct passphrase and I am effectively locked out and will have to wipe my disks. I would appreciate a fix so this does not happen to somebody else.

@subzero79
Copy link

I understand. You can use file with long pass phrase to encrypt the disk. I usually keep those in another encrypted usb disk , a password zipped file and printed.

@subzero79 subzero79 mentioned this issue Oct 10, 2019
Closed
@subzero79
Copy link

This also happens to affect add key if the passphrase has a space.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sam-d @subzero79