[dm-crypt] yet another "lost my partition" message
eocsor at gmail.com
Fri Apr 15 16:15:59 CEST 2011
On Fri, Apr 15, 2011 at 11:52 PM, Cristian KLEIN <cristiklein at gmail.com> wrote:
> A posteriori, I cannot help but wonder why such precious information isn't
> kept redundantly. Surely LUKS could have stored the header in 10 random
> sectors with an easy-to-grep "HERE I AM" banner. Wouldn't this allow
> users to recover the master-key (and part of the file-system) without
> compromising security?
It's supposed to be fragile and easily destroyed, this is by design.
I don't think we should bother with complicated safeguards for people
doing silly things. That installer interface should be modified long,
long, long before the on-disk format is.
Accidentally running cryptsetup luksFormat is unfortunate, as is running
mkfs or dd on the wrong device. Good thing for backups.