Comment 36 for bug 55159

Luke (lukekuhn) wrote :

  Make sure Kees Cook and/or Reinhard Tartler get this latest update:

  NEW VERSION OF cryptdisks.functions gives full interactive prompting just like askpass does, but without echoing the password to the console. I have tested this with and without usplash, with different settings of "tries=" in /etc/crypttab, and can confirm it works in Jaunty on Intel atom and Athlon 64 single core.

  In the new version, when using a LUKS partition, a do-while loop repeats as many times as "tries=" calls for, calling cryptsetup with tries=1. If the right passphrase is entered, cryptsetup returns 0, a prompt tells the user the encrypted device has been set up, and the loop breaks. With a bad passphrase, the user is prompted again and the loop repeats until either the right passphrase is entered or the limit in "tries=" has been reached.

  No change in behavior on console, no change from my last upgrade in behavior with a non-LUKS mapping. There is no way to have a bad passphrase re-call cryptsetup on a regular mapping within this script. This would require having cryptsetup and mount in the same script, for a substantial change in /etc/rcS.d. The workaround, of course, is to use LUKS in the first place, and it's far more secure by default.
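The retry loop described in the comment above, as an added illustration that is not Luke's code and not the cryptdisks.functions script itself. The loop calls an unlock command once per attempt (the real script calls cryptsetup with tries=1, and cryptsetup does its own non-echoing prompt) and stops on the first exit status 0 or when the "tries=" limit is reached. `try_unlock`, `fake_cryptsetup` and the passphrase "correct horse" are assumptions constructed for this example; `fake_cryptsetup` stands in for cryptsetup by reading one line of stdin per call, so the block runs without a LUKS device.

```shell
#!/bin/sh
# Retry loop in the shape described for the LUKS branch of cryptdisks.functions.
# try_unlock TRIES CMD [ARGS...]: run CMD once per attempt, up to TRIES attempts.
# Returns 0 on the first success and prints the attempt number on stdout;
# returns 1 when the limit is reached. Progress messages go to stderr so they
# never mix with the attempt count. (Example code; names are assumptions.)
try_unlock() {
    tries="$1"; shift
    attempt=0
    # do-while: the body runs at least once, then the limit is checked
    while :; do
        attempt=$((attempt + 1))
        if "$@"; then
            echo "Encrypted device set up after $attempt attempt(s)" >&2
            echo "$attempt"
            return 0
        fi
        if [ "$attempt" -ge "$tries" ]; then
            echo "Giving up: $attempt attempt(s), limit tries=$tries" >&2
            return 1
        fi
        echo "Bad passphrase, try again ($attempt of $tries)" >&2
    done
}

# Stand-in for "cryptsetup ... --tries=1": reads one passphrase line from stdin
# and succeeds only on the constructed passphrase "correct horse". The real
# cryptsetup prompts on the console itself without echoing the input.
fake_cryptsetup() {
    read -r pass || return 2
    [ "$pass" = "correct horse" ]
}

# Usage (fed from a pipe here; on a console cryptsetup would prompt instead):
#   printf 'wrong\nwrong\ncorrect horse\n' | try_unlock 3 fake_cryptsetup
# unlocks on the third attempt; with tries=2 the same input is rejected.
```

With the wrong passphrase the loop re-runs the unlock command and the attempt counter, not the unlock command, enforces the limit; a limit smaller than the number of guesses needed fails even if a later guess would have been right, which is the "tries=" behaviour the comment describes.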