[pkg-cryptsetup-devel] Bug#491867: closed by Jonas Meurer <mejo at debian.org> (Bug#491867: fixed in cryptsetup 2:1.0.6-4)
Helmut Grohne
helmut at subdivi.de
Tue Sep 9 18:03:31 UTC 2008
reopen 491867
severity 491867 serious
thanks
> - Fix section ''9. The "decrypt_derived" keyscript'': Add swap option to
> the example line for crypttab and other minor fixes. Thanks to
> Helmut Grohne <helmut at subdivi.de>. (closes: #491867)
The fix actually makes things worse.
The document says:
| If cryptswap is used as your suspend/resume device, you'd normally need to
| enter two different passphrases during the boot, but the "decrypt_derived"
| script can generate the key for the second mapping using a hash of the key
| for the first mapping.
I conclude that this kind of cryptswap is intended for use with suspend
& resume.
In Step 3 you added the option "swap" which translates to "Run mkswap on
the created device." according to man crypttab.
So this will run mkswap on the resume device.
I mark the bug as release critical, because application of these steps
will result in data loss.
Helmut
PS: I wonder how these instructions actually ever worked when you tried
them on your machine.
More information about the pkg-cryptsetup-devel
mailing list