Public bug reported:
Binary package hint: cryptsetup
FACTS AND OBSERVATIONS:
i installed debian on a box that used to run ubuntu until now, and kept some
large cryptsetup images over the migration. debian failed to mount two of the
three crypto partitions. the symptom is that of the wrong password (mount
complains about missing file system type information).
i am mounting the partitions with a skript that also contains the keys,
so the possibility of typos is negligible. the probability that the
script contains an error that only shows after the migration is also
rather small because one of the three partitions works, and they all
mount using the same code.
when i booted again from an ubuntu life CD, all three partitions worked
nicely.
all three passwords are read from files that are one line long and end
with the two bytes 0x000a. the partitions that mounts on both debian
and ubuntu has a password that is 29 characters long, the other two have
41 characters.
i set up the partitions a while ago, i think it was using a dapper
installation, but i am afraid i can't provide more details on this.
MY THEORY:
i would put my money on something happening to the password after byte 31 in
the ubuntu code that does not happen in the debian code (or the other way
round). since i do not know in what way the entropy of the password is reduced
(if at all), i labelled this bug a potential security vulnerability. please
feel free to uncheck that if you disagree.
BLABA:
since i spent the last 24h using the ubuntu life CD to backup files from the
two partitions being difficult to other drives, i (a) do not consider this bug
as very urgent any more and (b) would like to avoid spending another day
debugging this. i still post this in the hope that either it helps you
maintainers to keep up the good work or it can give a hint to somebody else
facing the same problem.
(oh, yes: the reason why i switched to debian is that i have never so
far experienced a painless upgrade under ubuntu, and since it always
ends up being more or less a complete re-install, i might as well re-
install to another system and see if that works any better. but since
my impatience with software is legenderay, it's quite possible that i
will be back soon. :-)
** Affects: cryptsetup (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
** This bug is no longer flagged as a security issue
--
crypt-images set up on ubuntu fail on debain
https://bugs.launchpad.net/bugs/204576
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
