On Tue, Sep 23, 2008 at 12:37:46AM -0700, Ian Kelling wrote: > Hello, I'm new to the list. > > I have a crypt device needs to be reliably unmounted and secured and I'd > like to avoid shutting down. Heres what I'm doing in bash to deal with > failed commands: > > > cd /dev/mapper > fuser -km crypt-foo > umount crypt-foo || umount -l crypt-foo > cryptsetup luksClose crypt-foo || rm -f crypt-foo crypt-swap || halt > > When it fails on cryptsetup and succeeds at "rm -f crypt-foo", is is the > device secure? Meaning it cannot be accessed without entering the key > again. This is not counting data that may have been read from the device > and left in memory. I assume powering off makes it secure, is that right? > Any suggestions? In light of some recent publications, powering off still makes it secure, it may just take a quater hour or so. However I would feel not to good about the "rm". Would it not be better to check the output of "mount"? Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
