[dm-crypt] Debian 7.10 random key swap Device /dev/sda2 is not a valid LUKS device.

Sven Eschenberg sven at whgl.uni-frankfurt.de
Wed Apr 6 22:26:09 CEST 2016


Yes David,

You are right. And as long as you do not need persistant swap to i.e. 
store a hibernate image, it is absolutely reasonable to use a new random 
key on each boot.

Regards

-Sven


Am 06.04.2016 um 21:35 schrieb David Christensen:
> On 04/06/2016 03:55 AM, Michael Kjörling wrote:
>> On 5 Apr 2016 21:25 -0700, from dpchrist at holgerdanske.com (David
>> Christensen):
>>> # grep sda2 /etc/crypttab
>>> sda2_crypt /dev/sda2                                 /dev/urandom
>>> cipher=aes-xts-plain64,size=256,swap
>>
>> Since you don't have the "luks" option, Debian does not treat this as
>> a LUKS device. So when cryptsetup claims that /dev/sda2 "is not a
>> valid LUKS device" it is quite correct.
>>
>
> Thanks for the information.
>
>
> So, RTFM 'crypttab':  at boot time /sbin/cryptdisks_start will create a
> plain dm-crypt device with target name 'sda2_crypt'
> (/dev/mapper/sda2_crypt) from source device /dev/sda2 with a 256-bit key
> (option 'size') from file /dev/urandom and with cipher aes-xts-plain64
> (option 'cipher'), and then run /sbin/mkswap on the created device
> (option 'swap') (?).
>
>
> And, as plain dm-crypt devices do not have a LUKS header,
> 'luksHeaderBackup' has nothing to back up and the error message I'm
> seeing is expected and correct (?).
>
>
> David
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


More information about the dm-crypt mailing list