justin wrote:
> That all seems very straightforward, but what happens when it closes? Does
> it do more than delete /dev/mapper/encrypt? I would hope that it writes over
> the key in memory. Is that right? If not, is there some way to make sure that
> the key is wiped?

luksClose basically calls the device-mapper remove ioctl. When the crypt target is removed, the destructor wipes the memory with the key before the memory is deallocated. See the crypt_dtr() call in dm-crypt.c in the kernel source.

In userspace, no key is needed for luksClose - so there is no risk at all.

Milan
--
mbroz@xxxxxxxxxx

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
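
A user-space illustration of the wipe-before-free destructor pattern the reply describes, added here as an example; it is not the kernel's crypt_dtr() code. The names toy_crypt_ctx, secure_wipe, toy_ctx_new, toy_ctx_wipe and toy_ctx_free are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a per-mapping context that holds the volume key. */
struct toy_crypt_ctx {
    size_t key_size;
    unsigned char key[];   /* flexible array: key bytes live inside the allocation */
};

/* Zero a buffer through a volatile pointer so the compiler cannot drop the
 * stores as "dead" just because the memory is about to be freed. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Constructor: copy the key into a fresh context (NULL on allocation failure). */
struct toy_crypt_ctx *toy_ctx_new(const unsigned char *key, size_t key_size)
{
    struct toy_crypt_ctx *cc = malloc(sizeof(*cc) + key_size);
    if (!cc)
        return NULL;
    cc->key_size = key_size;
    memcpy(cc->key, key, key_size);
    return cc;
}

/* Wipe step of the destructor, split out so it can be inspected before free.
 * Returns the number of non-zero key bytes left (0 means fully wiped). */
size_t toy_ctx_wipe(struct toy_crypt_ctx *cc)
{
    size_t i, left = 0;
    secure_wipe(cc->key, cc->key_size);
    for (i = 0; i < cc->key_size; i++)
        left += (cc->key[i] != 0);
    return left;
}

/* Destructor: wipe first, then release; the order is the whole point. */
void toy_ctx_free(struct toy_crypt_ctx *cc)
{
    if (!cc)
        return;
    toy_ctx_wipe(cc);
    secure_wipe(&cc->key_size, sizeof(cc->key_size));
    free(cc);
}
```

A plain memset() immediately before free() can be removed by an optimizing compiler, which is why the wipe goes through a volatile pointer here.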