Bug#371135: [Pkg-cryptsetup-devel] Bug#371135: encrypted swap with
variable key fails
Andrew Pimlott
andrew at pimlott.net
Tue Jun 20 18:01:46 UTC 2006
On Tue, Jun 20, 2006 at 06:40:56PM +0200, Jonas Meurer wrote:
> On 19/06/2006 Andrew Pimlott wrote:
> > 1. Create a marking for partitions to be encrypted with a random key,
> > allowing for the positive identification above. Perhaps this should
> > be part of LUKS.
>
> i see this more as a feature than as a bug.
agree
> there may exist situations
> where you don't want your device to be marked as 'contains encrypted
> data'.
Right, however most users would be happy to put such a mark if it
increased safety. So it would be a nice option.
> > 2. If I use LUKS for all encrypted filesystems, I believe it is
> > possible to perform the negative identification above. That is, if
> > I don't see the LUKS header, and the partition does not have an
> > unencrypted volume, then it is safe to destroy. So let me promise
> > that I have no non-LUKS encrypted filesystems.
>
> i'm not sure that i understand. you mean that all encrypted non-swap
> devices should be LUKS devices? we should never expect that.
I mean _if I explicitly promise so_, we should expect that. So give me
some configuration directive like LuksOnly that I can set.
Andrew
More information about the Pkg-cryptsetup-devel
mailing list