[dm-crypt] Encrypt all partitions with dm-crypt
arno at wagner.name
Wed Sep 19 07:13:50 CEST 2012
On Wed, Sep 19, 2012 at 06:52:19AM +0200, Javier Juan Mart?nez Cabez?n wrote:
> On 19/09/12 06:15, Two Spirit wrote:
> > I'm interested in knowing what are some of the trade offs of using the LUKS
> > header v not using the LUKS header.Since I assume the content of the
> > encrypted data is secure, it doesn't matter if someone knows the data is
> > encrypted and has a header and the header only helps in recovery, so I'm
> > not quite seeing what would be an advantage of not using LUKS, but from the
> > email below, there seems to be some reason.
> Please check tha FAQ's
Indeed. Basically you get passphrase management
(up to 8, can be changed) and protection for
passphrases that are not so high in entropy
(iteration, salting). You also get management for
non-default crypto parameters.
Main drawback is that if you damage the header,
everything is gine. That is also an advantage if you
want easy secure deletion though.
Details in the FAQ, mostly Sections 2, 5 and 6.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
More information about the dm-crypt