[dm-crypt] Encrypting several disks with the same password + keyfile combinaison

Matthias Schniedermeyer ms at citd.de
Tue Apr 15 00:20:06 CEST 2014


On 14.04.2014 21:24, Xavier MONTILLET wrote:
> Hi,
> 
> - (b) Use LUKS (which I would prefer to avoid, if it doesn't comprimise the
> security, because it adds a weak spot against disk failure: the header)

Interesting point.

There are more "weak spots". Yyou even add one, but i guess adding two 
is "too much"?
- Partition Table
- Superblock(s) of the filesystem(s)
- LVM
- There are or at least i think there are a few "critical" blocks in 
each filesystem that i think will ruin your day if damaged.
- ...

Personally i unintentionaly did away with one (Partition Table) and 
don't use another (LVM), but that still leaves at least the 
superblock(s) of the filesystem.

Btw. You can also use LUKS with a deattached header and/or backup the 
header, so it's not weaker than the other weak spots.




-- 

Matthias


More information about the dm-crypt mailing list