[dm-crypt] The future of disk encryption with LUKS2

f-dm-c at media.mit.edu f-dm-c at media.mit.edu
Mon Feb 8 21:05:22 CET 2016

    > Date: Mon, 8 Feb 2016 17:51:24 +0100
    > From: Arno Wagner <arno at wagner.name>

    > On Mon, Feb 08, 2016 at 07:09:24 CET, f-dm-c at media.mit.edu wrote:
    > [...]

    > > [For example, and to take into account "OMG but what if massive giant
    > > corruptions and/or mislayered tables at start," have these as defaults:
    > > (a) FS < 10 meg --> no extra header
    > > (b) 10 meg < FS < 100 meg --> extra header after 1 meg gap
    > > (c) 100 meg < FS < 10 gig --> extra header after 10 meg gap
    > > (d) fs > 10 gig --> extra header after 100 meg gap

    > That strikes me as an exceedingly bad idea as it will be 
    > unpredictable to those users that need it. And I do not like
    > different places for md-RAID 1.x format superblocks one bit.
    > We should pick one thing, make it otional (but on by default)
    > and stick with it, so users do know where it is, regardless 
    > of other parameters.

I only said that to try to quell the "but it's -not enough- of an
offset," because someone can always spin an even-worse-case where
whatever you do just isn't enough.  As I originally said, the least
complicated thing seems to be to just repeat the header right after
the original header, perhaps with a megabyte or so of padding between
them.  (But even if you had these extra headers at varied offsets,
you only have 3 different places to look, and if it's not a header,
it will look all wrong, including failing a checksum.)

More information about the dm-crypt mailing list