On Sun, Jun 25, 2006 at 04:13:20PM +0200, Jonas Meurer wrote:
> On 21/06/2006 Andrew Pimlott wrote:
> > True, but this can't be configured in crypttab, which makes it
> > effectively unavailable. Moreover, it wouldn't provide much additional
> > safety. Presumably, a hypothetical "luksrandom" key
On 21/06/2006 Andrew Pimlott wrote:
> > first, LUKS devices with random key are possible, you just need to store
> > the random key after luksFormat, to reuse it for luksOpen. afterwards
> > you can shred/wipe the key.
>
> True, but this can't be configured in crypttab, which makes it
> effectivel
On 23/06/2006 Florian Weimer wrote:
> > the only cases that are known to me, where data loss may still occur
> > are encrypted devices without an identifying header, like plain dm-crypt
> > devices.
>
> Logical volumes are in this category, too.
how? if they don't contain any data? i don't talk a
* Jonas Meurer:
> On 22/06/2006 Florian Weimer wrote:
>> * Jonas Meurer:
>>
>> > why do you see any problems? it does nothing else than checking for a
>> > known filesystem before destroying any data on the source device.
>>
>> The current setup doesn't work with volume managers and things like
On 22/06/2006 Florian Weimer wrote:
> * Jonas Meurer:
>
> > why do you see any problems? it does nothing else than checking for a
> > known filesystem before destroying any data on the source device.
>
> The current setup doesn't work with volume managers and things like
> that. These don't have
On Tue, Jun 20, 2006 at 11:28:57PM +0200, Jonas Meurer wrote:
> On 20/06/2006 Andrew Pimlott wrote:
> > On Tue, Jun 20, 2006 at 10:10:24PM +0200, Jonas Meurer wrote:
> > But as I understand, a randomly keyed partition can't be done with Luks
> > (or can it?).
>
> first, LUKS devices with random ke
* Jonas Meurer:
> why do you see any problems? it does nothing else than checking for a
> known filesystem before destroying any data on the source device.
The current setup doesn't work with volume managers and things like
that. These don't have any partition types AFAIK. Most people will
call
On 20/06/2006 Andrew Pimlott wrote:
> On Tue, Jun 20, 2006 at 10:10:24PM +0200, Jonas Meurer wrote:
> > On 20/06/2006 Andrew Pimlott wrote:
> > > I mean _if I explicitly promise so_, we should expect that. So give me
> > > some configuration directive like LuksOnly that I can set.
> >
> > looks l
On Tue, Jun 20, 2006 at 10:10:24PM +0200, Jonas Meurer wrote:
> On 20/06/2006 Andrew Pimlott wrote:
> > I mean _if I explicitly promise so_, we should expect that. So give me
> > some configuration directive like LuksOnly that I can set.
>
> looks like overkill for me. users who use only luks don
On 20/06/2006 Andrew Pimlott wrote:
> > there may exist situations
> > where you don't want your device to be marked as 'contains encrypted
> > data'.
>
> Right, however most users would be happy to put such a mark if it
> increased safety. So it would be a nice option.
yes, that's exactly what
On Tue, Jun 20, 2006 at 06:40:56PM +0200, Jonas Meurer wrote:
> On 19/06/2006 Andrew Pimlott wrote:
> > 1. Create a marking for partitions to be encrypted with a random key,
> > allowing for the positive identification above. Perhaps this should
> > be part of LUKS.
>
> i see this more a
On 20/06/2006 Dick Middleton wrote:
> What I don't understand is why it's doing any checks at all when not
> requested. It seems to me that checking for the existence of a
> filesystem on an arbitrary partition is a bold assumption. That is
> properly the business of mount.
why do you see any
On 19/06/2006 Andrew Pimlott wrote:
> Automatically formatting a swap partition is a destructive operation, so
> all reasonable checks should be made before doing it. It is currently
> not possible to positively identify a swap partition encrypted with a
> random key; nor is it possible to negativ
13 matches