[Bug 282567] [geli] geli setkey can clear key components, perfectory
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 282567] ]"
Date: Tue, 05 Nov 2024 16:46:21 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282567

Norikatsu Shigemura <nork@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|]                           |[geli] geli setkey can
                   |                            |clear key components,
                   |                            |perfectory

--- Comment #1 from Norikatsu Shigemura <nork@FreeBSD.org> ---
I tested the following case as a bug of "geli setkey":

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# truncate -s 1M testfile
#
# mdconfig -f testfile
md0
# geli init -e AES-XTS -l 256 -B none -s 4096 md0
Enter new passphrase:
Reenter new passphrase:
# geli attach md0
Enter passphrase:
# geli setkey -i $((65536*65536-1)) md0
Enter new passphrase:
Reenter new passphrase:
Note, that the master key encrypted with old keys and/or passphrase may still
exist in a metadata backup file.
# geli detach md0
# geli attach md0
geli: Missing -p flag.
geli: There was an error with at least one provider.
# geli attach -p md0
geli: No key components given.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I found this issue because I tried to reset the passphrase key like
"geli setkey -k keyfile -P md0". But I couldn't reset the passphrase, so I
noticed that the "md_iterations" doesn't reset to -1
(= 2^32-1 = 65536*65536-1).

SEE ALSO: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196834

So there is still a bug that "geli setkey -P doesn't reset md_iterations".

To reset iterations, "geli setkey -P" should reset the md_iterations, or
describe how to reset the passphrase by setting iterations and save the no key
components status.

-- 
You are receiving this mail because:
You are the assignee for the bug.
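
The sentinel collision behind the session above, as an added example that is not part of the original report and is not geli source code: it shows how the reported -i value 2^32-1 becomes -1 when narrowed to 32 bits, and a range check that rejects it. Assumptions: the iteration count is a signed 32-bit field with -1 meaning "no passphrase component" (as the report's "-1 (= 2^32-1)" implies); all function and macro names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: -1 in the iterations field marks "no passphrase component". */
#define ITER_NO_PASSPHRASE (-1)

/* Unchecked store (hypothetical): keeps only the low 32 bits of the -i value. */
static int32_t store_unchecked(const char *arg)
{
    uint32_t low = (uint32_t)strtoll(arg, NULL, 10);
    int32_t field;
    memcpy(&field, &low, sizeof(field)); /* 0xffffffff reads back as -1 */
    return field;
}

/* Checked store (hypothetical): accepts only 0..INT32_MAX so user input can
 * never alias the sentinel. Returns 0 on success, -1 on rejection. */
static int store_checked(const char *arg, int32_t *out)
{
    char *end;
    long long v;

    errno = 0;
    v = strtoll(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0')
        return -1;
    if (v < 0 || v > INT32_MAX)
        return -1;
    *out = (int32_t)v;
    return 0;
}

/* Attach-side view: a passphrase is expected unless the field is the sentinel. */
static int passphrase_expected(int32_t iterations)
{
    return iterations != ITER_NO_PASSPHRASE;
}

int main(void)
{
    const char *arg = "4294967295"; /* $((65536*65536-1)) from the report */
    int32_t field = store_unchecked(arg);
    printf("unchecked: field=%d expected=%d\n", (int)field, passphrase_expected(field));
    printf("checked: rc=%d\n", store_checked(arg, &field));
    return 0;
}
```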