https://bugzilla.novell.com/show_bug.cgi?id=805426 https://bugzilla.novell.com/show_bug.cgi?id=805426#c0 Summary: cryptsetup cannot remove LUKS keys for devices with a blocksize of 4096 bytes Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: All OS/Version: openSUSE 12.2 Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: f+novell@congenio.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0 I cannot remove (luksRemoveKey) or wipe (luksKillSlot) a LUKS key slot on a disk with a blocksize of 4096 bytes. I get errors like: #cryptsetup luksKillSlot /dev/volume/anything 1 Enter any remaining LUKS passphrase: Cannot wipe device /dev/volume/anything. This works when a device with a blocksize of 512 bytes is used. I think that this is major because it affects security: a known-to-be-compromised LUKS passphrase cannot be removed. Reproducible: Always Steps to Reproduce: 1. cryptsetup luksKillSlot /dev/volume/anything 1 2. enter any existing passphrase 3. Actual Results: Cannot wipe device /dev/volume/anything. Expected Results: Removed key This happens to be a fixed upstream error that has been reported and allegedly fixed already (cf. http://code.google.com/p/cryptsetup/issues/detail?id=129). However, even a cryptsetup 1.5.1 from openSUSE factory exhibits the same behaviour. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.