Package: cryptsetup-bin Version: 2:2.3.5-1 Severity: normal X-Debbugs-Cc: s.schauenb...@gmail.com
Dear Maintainer, I've been using cryptsetup with LUKS for a while and recently upgraded to Debian 11 (bullseye). At that point I was suddenly unable to acces the encrypted image volumes with my password. I used an extremely long interactive password (1024 characters). Accessing the encrypted volumes was possible using Debian 10, but not Debian 11. After some debugging, I found out that: - creating an encrypted volume with a password > 512 characters is possible (both in bullseye and buster) - apparently buster and bullseye handle password, which are too long, differently - it is possible to access the encrypted volume with that large password, but only if you use the same Debian version. - images created on buster, can be opened on buster - images created on bullseye, can be opened on bullseye - images created on buster, could _not_ be opened on bullseye - the only way to check the maximum password length, is by running cryptsetup --help (it is not referenced in the man page, only for key sizes) - there is no feedback, when using a password that is too long: cryptsetup luksAddKey --key-slot 5 file.img Enter any existing passphrase: Enter new passphrase for key slot: Verify passphrase: -- System Information: Debian Release: 11.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-9-amd64 (SMP w/1 CPU thread) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=locale: Cannot set LC_ALL to default locale: No such file or directory UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages cryptsetup-bin depends on: ii libblkid1 2.36.1-8 ii libc6 2.31-13+deb11u2 ii libcryptsetup12 2:2.3.5-1 ii libpopt0 1.18-2 ii libuuid1 2.36.1-8 cryptsetup-bin recommends no packages. cryptsetup-bin suggests no packages.