[dm-crypt] --key-file size...

Arno Wagner arno at wagner.name
Fri Jan 25 20:31:19 CET 2013

On Thu, Jan 24, 2013 at 05:36:24PM +0000, Andrea wrote:
> On Thu, Jan 24, 2013 at 04:42:51PM +0100, Arno Wagner wrote:
> Hi Arno,
>    and thanks a lot for your quick reply.
> > You are using plain dm-crypt (you really should use LUKS).
> I really like the "stealth" mode of plain. With LUKS header they can see
> there's encrypted stuff. 

The only stealthy thing between "plain" and LUKS is that with
LUKS there is an ambiguity between encrypted and "secure 
wiped", but that is all. 

> Anyway, maybe I should just set an offset.
> > So nothing wrong.
> Yep. Is there a way for me to have a big key? Using LUKS? LoopaesOpen?
> Does it worth it?

No. A good passphrase is enough. 

> I mean, I am a little bit paranoid about leaking our patient info (they
> are about AIDS and so on).

Go LUKS. More secure anyways. And you can have a recovery-passphrase 
in a sealed envelope in your safe. 

> Thanks a lot for your time,
> A.

No problem.


Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell

More information about the dm-crypt mailing list