Bug#371135: [Pkg-cryptsetup-devel] Bug#371135: encrypted swap with
variable key fails
Jonas Meurer
jonas at freesources.org
Tue Jun 20 16:40:56 UTC 2006
On 19/06/2006 Andrew Pimlott wrote:
> Automatically formatting a swap partition is a destructive operation, so
> all reasonable checks should be made before doing it. It is currently
> not possible to positively identify a swap partition encrypted with a
> random key; nor is it possible to negatively identify a partition as not
> encrypted (with some unknown key). This gives me two ideas:
at least we can be sure that devices with a known filesystem don't
contain encrypted data. so we can skip those.
> 1. Create a marking for partitions to be encrypted with a random key,
> allowing for the positive identification above. Perhaps this should
> be part of LUKS.
i see this more as a feature than as a bug. there may exist situations
where you don't want your device to be marked as 'contains encrypted
data'.
> 2. If I use LUKS for all encrypted filesystems, I believe it is
> possible to perform the negative identification above. That is, if
> I don't see the LUKS header, and the partition does not have an
> unencrypted volume, then it is safe to destroy. So let me promise
> that I have no non-LUKS encrypted filesystems.
i'm not sure that i understand. you mean that all encrypted non-swap
devices should be LUKS devices? we should never expect that.
...
jonas
More information about the Pkg-cryptsetup-devel
mailing list