[dm-crypt] Corrupted luks partition, help needed

Christoph Anton Mitterer christoph.anton.mitterer at physik.uni-muenchen.de
Thu Jun 3 22:56:27 CEST 2010


On Thu, 2010-06-03 at 22:48 +0200, Luca Berra wrote:
> well, actually if you look closely at modern filesystems and
> partitioning schemes, you will find there are more than one copy of
> critical metadata.
> ext2 has a backup superblock 
> GPT partition has a secondary header and table at the other end of the
> disk
> 
> we really miss an on-disk backup of the LUKS header.
It's never a good idea to spread such security critical information like
the master key to much.
Therefore the current design of having only one copy per volume is the
right design.

Everybody can easily make backups of the header, and store them e.g.
heavily encrypted at a secure place.


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20100603/d0d0403d/attachment.bin>


More information about the dm-crypt mailing list