Gavin Wahl schrieb: > I was reading the LUKS specification and noticed that revoking a user's key > does nothing to stop them from accessing the encrypted partition if they > have stored the master key from the partition. Once given access, they can > decrypt and store the master key, and nothing short of changing the master > key can prevent future access. Revoking a key is only useful if a third party has obtained access to a passphrase, but before that party has had a chance to use the passphrase and get the master key. Once that has happend, you have to reencrypt your data, which is not easily possible. --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
