Some changes recomended by @dnschneid. Also fixed a few issues.

Still needs work, when keys are not the right legnth, (from bad hexdump),
they do not get properly handled.

(AMEND: had the conditional backwards)

host-bin/mount-chroot

@@ -62,30 +62,34 @@ addtrap "stty echo 2>/dev/null"
 
 # Function to prompt the user for a passphrase. Sets $passphrase.
 promptNewPassphrase() {
+    NOPASS=''
     echo -n "Choose an encryption passphrase for $NAME: " 1>&2
     [ -t 0 ] && stty -echo
-    while [ -z "$passphrase" ]; do
+    while [ -z "$passphrase" -a -z "$NOPASS" ]; do
         read -r passphrase
         echo 1>&2
         echo -n 'Please confirm your passphrase: ' 1>&2
         read -r confirmation
+        echo 1>&2
         if [ ! "$confirmation" = "$passphrase" ]; then
             passphrase=''
-            echo 1>&2
             echo -n 'Passphrases do not match; try again: ' 1>&2
+            continue
         fi
         if [ -z "$passphrase" ]; then
-            echo 'You did not specify a passphrase! Your keys will not be encrypted.
-            You should only do this if you have specified to store the keys in your
-            encrypted user folder (/home/chronos/user/...) or on removable media.
-            Enter "Yes" to confirm, or "No" to set a passphrase' 1>&2
+            echo 1>&2
+            echo -n \
+'You did not specify a passphrase.  Your keys will not be encrypted.
+Only do this if you are confident that your keys are stored in a secure location.
+Do you want to continue? [y/N] ' 1>&2
             read -r response
             echo 1>&2
-            if [ "$response" = "N*" -o "$response" = "n*" ]; then
+            if [ "${response#[Yy]}" = "$response" ]; then
                 continue
-            fi
-            echo 'No password set, keys will not be encrypted' 1>&2
+			else
             NOPASS='y'
+            echo 'No password set, keys will not be encrypted' 1>&2
+            fi
         fi
         confirmation=''
     done
@@ -206,11 +210,8 @@ $passphrase" | ecryptfs-wrap-passphrase "$wrappedfnek" -
                 unset key fnek
                 echo | cat - "$wrappedkey" "$wrappedfnek" > "$KEYFILE"
             else
-                echo > "$KEYFILE"
-                echo -n '$$$$$$$$$$$$$$$$' >> "$KEYFILE"
-                echo -n "$key" >> "$KEYFILE"
-                echo -n "$fnek" >> "$KEYFILE"
-                echo -n '$$$$$$$$$$$$$$$$' >> "$KEYFILE"
+                echo -n "
+................$key................$fnek" >> "$KEYFILE"
                 unset key fnek
             fi
             if [ ! -f "$CHROOTSRC/.ecryptfs" ]; then
@@ -227,10 +228,10 @@ $passphrase" | ecryptfs-wrap-passphrase "$wrappedfnek" -
             tail -c 160 "$KEYFILE" | head -c 80 > "$wrappedkey"
             tail -c 80 "$KEYFILE" > "$wrappedfnek"
 
-            PAD1="`cat "$wrappedkey" | head -c 16`"
-            PAD2="`cat "$wrappedfnek" | tail -c 16`"
+            PAD1="`head -c 16 "$wrappedkey"`"
+            PAD2="`tail -c 16 "$wrappedfnek"`"
 
-            if [ "$PAD1" == '$$$$$$$$$$$$$$$$' -a "$PAD2" == '$$$$$$$$$$$$$$$$']; then
+            if [ "$PAD1" = '................' ] && [ "$PAD2" = '................']; then
                 NOENC='y'
                 key="`tail -c 64 "$wrappedkey"`"
                 fnek="`head -c 64 "$wrappedfnek"`"