[dm-crypt] Required kernel crypto interface not available

.. ink .. mhogomchungu at gmail.com
Fri May 16 23:23:02 CEST 2014


On Fri, May 16, 2014 at 9:13 AM, Franz <169101 at gmail.com> wrote:


> I do not get clearly the advantage of having the header separated from the
> container. If I have header and container together, you tell that anybody
> can easily find this is a LUKS container. They cannot open it but they know
> there is something hidden.
>
> yes

> But isn't the same happening if container and header are separated? I
> suppose that as well they can easily find the header (OR NOT?). They cannot
> open the container, but they know there is something hidden. Yes they do
> not know WHERE it is hidden in this case, but how important is this if in
> any case they cannot open it?
>
>
with a detached header,when somebody gets a hold of the header less
volume,they will not know the volume has encrypted data using LUKS,at
best,they may suspect but not know.You will not get many successes when
trying to convince somebody that your 200MB file made up of
cryptographically sound random data is not an encrypted volume but at least
you will get the opportunity to try.A LUKS volume with attached header will
not give you this opportunity and a detached header seeks to give it back.

Which one of the supported cryptsetup volume you should use depends on your
use case but they all largely give marginal benefits when compared to each
other for most use cases
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20140516/3b7a5486/attachment.html>


More information about the dm-crypt mailing list