[dm-crypt] Debian 7.10 random key swap Device /dev/sda2 is not a valid LUKS device.

Arno Wagner arno at wagner.name
Thu Apr 7 11:46:49 CEST 2016


That was a joke, BTW ;-)

Regards,
Arno

On Thu, Apr 07, 2016 at 11:39:09 CEST, Arno Wagner wrote:
> In fact, as confidental data can be written to swap,
> changing the key on boot is a security feature.
> 
> Rergards,
> Arno
> 
> 
> On Wed, Apr 06, 2016 at 22:26:09 CEST, Sven Eschenberg wrote:
> > Yes David,
> > 
> > You are right. And as long as you do not need persistant swap to
> > i.e. store a hibernate image, it is absolutely reasonable to use a
> > new random key on each boot.
> > 
> > Regards
> > 
> > -Sven
> > 
> > 
> > Am 06.04.2016 um 21:35 schrieb David Christensen:
> > >On 04/06/2016 03:55 AM, Michael Kjörling wrote:
> > >>On 5 Apr 2016 21:25 -0700, from dpchrist at holgerdanske.com (David
> > >>Christensen):
> > >>># grep sda2 /etc/crypttab
> > >>>sda2_crypt /dev/sda2                                 /dev/urandom
> > >>>cipher=aes-xts-plain64,size=256,swap
> > >>
> > >>Since you don't have the "luks" option, Debian does not treat this as
> > >>a LUKS device. So when cryptsetup claims that /dev/sda2 "is not a
> > >>valid LUKS device" it is quite correct.
> > >>
> > >
> > >Thanks for the information.
> > >
> > >
> > >So, RTFM 'crypttab':  at boot time /sbin/cryptdisks_start will create a
> > >plain dm-crypt device with target name 'sda2_crypt'
> > >(/dev/mapper/sda2_crypt) from source device /dev/sda2 with a 256-bit key
> > >(option 'size') from file /dev/urandom and with cipher aes-xts-plain64
> > >(option 'cipher'), and then run /sbin/mkswap on the created device
> > >(option 'swap') (?).
> > >
> > >
> > >And, as plain dm-crypt devices do not have a LUKS header,
> > >'luksHeaderBackup' has nothing to back up and the error message I'm
> > >seeing is expected and correct (?).
> > >
> > >
> > >David
> > >
> > >_______________________________________________
> > >dm-crypt mailing list
> > >dm-crypt at saout.de
> > >http://www.saout.de/mailman/listinfo/dm-crypt
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> 
> -- 
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> ----
> A good decision is based on knowledge and not on numbers. -- Plato
> 
> If it's in the news, don't worry about it.  The very definition of 
> "news" is "something that hardly ever happens." -- Bruce Schneier
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list