[Pkg-cryptsetup-devel] Bug#371135: About Bug#371135:
suggestion
Michael Gebetsroither
gebi at sbox.tugraz.at
Fri Jun 30 08:18:17 UTC 2006
Quoting Jonas Meurer <jonas at freesources.org>:
> first, we should not require swap partitions to be LUKS encrypted. plain
> dm-crypt also has advantages.
I don't see any advantages of plain cryptsetup for swap devices.
> second, i don't think that we should automatically LUKS-format a partition
> at any time.
Whats the different between luks-format and initialising a plain
cryptsetup partition? If it's the wrong partition the data is gone.
>> plain cryptsetup should imho be deprecated for swap.
> i object here. again, forcing the admin to use LUKS for swap is not what
> we want.
but only with passive detection on plain cryptsetup partitions we are
_NOT_ able to prevent user failures in any case.
If we use luks for swap and add a command to reinitialise the
masterkey to cryptsetup we can definitly match the luks partition
against the given uuid in cryptdisks.
> exactly, and i don't see why we should take the responsibility that
> belongs to the admin. i like the idea of testing for common situations
> where data IS INDEED DESTROYED, but not to build further barriers for
> the admin.
Luks for swap could also be an optoin, but a highly recommend one.
> by the way, great to see you on the debian cryptsetup list, Michael.
was always there ;).
greets,
Michael
More information about the Pkg-cryptsetup-devel
mailing list