
Encrypt hook no longer works when backslashes are used in a keyfile location

System and config info:

[zack@laptop ~]$ uname -a
Linux laptop 6.7.8-arch1-1 #1 SMP PREEMPT_DYNAMIC Sun, 03 Mar 2024 00:30:36 +0000 x86_64 GNU/Linux
[zack@laptop ~]$ cat /etc/kernel/cmdline
cryptdevice=/dev/disk/by-id/nvme-eui.002538b421a013b6:crypt:allow-discards cryptkey=/dev/disk/by-id/usb-Samsung_Type-C_0377322080001497-0\:0:0:64 crypto=:aes-xts-plain64:512:0: root=/dev/mapper/crypt rootflags=subvol=@ rw resume=/dev/mapper/crypt resume_offset=533760
[zack@laptop ~]$ cat /etc/mkinitcpio.conf
MODULES=()
BINARIES=()
FILES=()
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap block encrypt btrfs filesystems fsck resume)
[zack@laptop ~]$ cat /etc/mkinitcpio.d/linux.preset
ALL_config="/etc/mkinitcpio.conf"
ALL_kver="/boot/vmlinuz-linux"
PRESETS=('default')
default_image="/boot/initramfs-linux.img"
default_uki="/boot/EFI/Linux/archlinux-linux.efi"

With the update to v38 for mkinitcpio(8), /usr/lib/initcpio/hooks/encrypt is no longer able to decrypt the root disk using a keyfile on a raw USB disk. The problem is caused by the fact that the by-id disk name of the USB drive contains a :, which needs to be escaped with \. Removing -r from the read command in the hook fixed the problem for me. Specifically, the diff below resolved the issue for me:

[zack@laptop ~]$ diff encrypt /usr/lib/initcpio/hooks/encrypt
12c12
<         IFS=: read -r ckdev ckarg1 ckarg2 <<EOF
---
>         IFS=: read ckdev ckarg1 ckarg2 <<EOF
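Review bot: dropping -r from the read at line 12 is what makes the escaped colon work, and the reason should be spelled out in the change: without -r, read treats backslash as an escape character and a backslash-escaped IFS character is not a field delimiter, so the `\:` in the cryptkey value stays a literal colon inside ckdev instead of splitting the device name. The same mechanism means every backslash in the value is now consumed (a literal backslash has to be written as `\\`), so this is a parsing-semantics change for all cryptkey= users, not just for this device name, and the -r was presumably present for a reason. Either document the new escaping rule for cryptkey= where the hook's parameters are described, or keep -r and handle the device name another way.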
42c42
<         IFS=: read -r cryptdev cryptname cryptoptions <<EOF
---
>         IFS=: read cryptdev cryptname cryptoptions <<EOF
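Review bot: the change at line 42 applies the same relaxation to the cryptdevice= parsing even though the report concerns only cryptkey=; the cryptdevice value in the posted cmdline contains no backslash, so this hunk is not needed to reproduce the fix. If the intent is to make both parameters accept backslash-escaped colons, say so and keep the two reads consistent; otherwise limit the change to the cryptkey read so cryptdevice= parsing does not silently change as well.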

I first tried removing the backslash from /etc/kernel/cmdline to see if that would work, but it did not. I am not 100% sure whether this is a bug, but if not, how should cryptkeys be specified if they contain characters that need to be escaped (e.g., :)? I'd rather not modify /usr/lib/initcpio/hooks/encrypt and instead use a working value in /etc/kernel/cmdline.

Edited by Zack Newman
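The difference the diff above hinges on, shown as an added stand-alone example (not code from the issue or from mkinitcpio): the same `IFS=: read` that the encrypt hook uses, run once with -r and once without, on a cryptkey value constructed from the cmdline in the report. The variable names ckdev/ckarg1/ckarg2 follow the hook; the helper function names and the sample value are this example's own.

```shell
#!/bin/sh
# Added example, not part of the issue or of mkinitcpio's encrypt hook.
# Shows how IFS=: read splits a cryptkey= value with and without -r.

# Sample value constructed from the cmdline posted in the issue.
CRYPTKEY_SAMPLE='/dev/disk/by-id/usb-Samsung_Type-C_0377322080001497-0\:0:0:64'

# The hook's current form: read -r. Backslash is literal, so "\:" is two
# characters and the colon still acts as a field delimiter. The device name
# is truncated at the escaped colon and the remaining fields are shifted.
split_with_r() {
    IFS=: read -r ckdev ckarg1 ckarg2 <<EOF
$1
EOF
    printf '%s|%s|%s\n' "$ckdev" "$ckarg1" "$ckarg2"
}

# The form after the issue's patch: read without -r. POSIX read then treats
# backslash as an escape character, and a backslash-escaped IFS character is
# not a delimiter, so "\:" survives as a literal colon inside ckdev.
split_without_r() {
    IFS=: read ckdev ckarg1 ckarg2 <<EOF
$1
EOF
    printf '%s|%s|%s\n' "$ckdev" "$ckarg1" "$ckarg2"
}

# Check worth running on a cmdline before an upgrade: does a cryptkey= value
# contain a backslash at all? If it does, its meaning depends on whether the
# hook's read uses -r. Returns 0 when a backslash is present, 1 otherwise.
cryptkey_uses_escape() {
    case "$1" in
        *\\*) return 0 ;;
        *)    return 1 ;;
    esac
}

printf 'with -r:    %s\n' "$(split_with_r "$CRYPTKEY_SAMPLE")"
printf 'without -r: %s\n' "$(split_without_r "$CRYPTKEY_SAMPLE")"
if cryptkey_uses_escape "$CRYPTKEY_SAMPLE"; then
    printf 'value relies on backslash escaping; parsing depends on read -r\n'
fi
```

With -r the device path comes out as `...-0\` and the offset/size fields are shifted one position, which matches the hook failing to find the keyfile; without -r the path keeps its `:0` suffix and the two numeric fields land where the hook expects them. The sample value is the only input here, so whichever way the hook is changed, a value with no backslash at all (as tried in the issue) still splits at the by-id name's own colon under both forms.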