[dm-crypt] please HELP - can't access encrypted LVM after linux reinstallation.
jonas at freesources.org
Mon Oct 31 23:17:57 CET 2011
On 31.10.2011 08:18, Arno Wagner wrote:
> In addition, any kind of automatic header backup breaks the LUKS
> security model and needs to come with a very clear warning if
> automatized (as in an installer). The problem is that old
> passphrases will be stored and will survive deletion in the active
> LUKS header. That is not good at all.
While I agree with you that cryptsetup already does a lot to prevent
data (i.e. header) loss, I don't see a reason why (optional) header
backup at some random place on the device would be such a big security
For sure the exact place of backup header would be stored in the first
header, and any cryptsetup action which changes/wipes (parts of) the
header, would need to do this for the backup header as well.
Overwriting the first kbytes of the device would no longer be sufficient.
Instead overwriting the header would require to actually overwrite
both first and backup header. But that's the only drawback I can see
I guess that I missed something important.