Bug 243676

Summary: geom_eli geli: Erroneously accepts weak (short) keys
Product: Base System Reporter: Conrad Meyer <cem>
Component: kernAssignee: freebsd-geom (Nobody) <geom>
Status: New ---    
Severity: Affects Only Me    
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   

Description Conrad Meyer freebsd_committer freebsd_triage 2020-01-28 17:23:27 UTC 
Entropy is cheap.  We should reject keyfiles smaller than 256 bits at initialization time.  At attach, we should clearly continue allowing people to access their existing volumes, but maybe a warning would be appropriate?  Today, GELI allows initialization with small and empty keyfiles (init -K, attach -k).  These should be rejected.