Web lists-archives.com

Bad behaviour with encrypted partitions




Hi folks,

I am running debian/testing i386 on an EEEPC.

I have /home, /var and /usr enrypted with luks. All partitions got the same 
loooong password.

This worked fine for years. But now I discovered a strange behaviour, please 
let me explain:

Normally I have to type the password for every partition, always beginning 
with /usr,. then /home, then /var. After putting in all passwords correct, the 
system is going on booting.

But this is no more, now it is that way:

- I have to type the password for /usr then
- either /home or /var (this is randomly!) wants the password 
- when typed the correct password, the third partition is not more asked for 
the password and is enrypted automatically. WTF????

This behaviour points me, that the password is stored somewhere in the system 
and is used again. Bad behaviour!! And if it is stored (maybe in the keyboard 
buffer???), will it be erased after boot? 

All at all, this behaviour is very suspcios and IMO looks very unsecure.

It would be nice, if you could put an eye on it.

Thank you very much for reading this. 

Happy new year and all the best

Hans

P.S. Although this is IMO a big security related problem, the security team 
pointed me to send this mail to debian-user. Sorry.....

Attachment: signature.asc
Description: This is a digitally signed message part.