[pkg-cryptsetup-devel] Bug#587222: Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Milan Broz
mbroz at redhat.com
Sun Jun 27 09:46:37 UTC 2010
On 06/27/2010 12:34 AM, Jonas Meurer wrote:
> Milan, if you're reading this: does luksSuspend work for plain dm-crypt
> devices as well?
yep, I am reading this just have no time to respond to all of these Debian reports:-)
You cannot use luksSuspend for plain device, but you can use dmsetup.
I described this long time ago here (probably before luksSuspend was even implemented)
http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/2859
Maybe I can add some "kill key" for plain device command to cryptsetup?
(The problem is that in LUKS you can check that calculated key is correct,
so luksResume is possible. In plain crypt device you are simple providing key
so there cannot be perfect equivalent of Resume - any key will fit and if
it is not correct, you data will be corrupted later.)
Milan
More information about the pkg-cryptsetup-devel
mailing list