Re: LUKS and LVM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for the reply!

With regards to the multiple containers, the configuration I'd run across was one container per partition, with the key for each stored in /. When the system was booted, the passphrase was entered, and each partition's container opened and mounted automatically.

On 19/02/2011, Arno Wagner wrote:
I typically randomise my block device before creating a LUKS container
on it.  Option 2 would seem to reduce the effectiveness of this because
LVM will give clues to where real data might be.

I don't follow. That encrypted data is present is obvious from
the LUKS header. What is in the container(s) is as opaque in
(1) as it is in (2), given that cryptographically strong
randomness is used for the overwrite (I use plain dm-crypt
with a random password and overwrite with conventional,
mt19997-generated randomness).

I meant not that the data protection of one was better than the other, but rather in (2) LVM will store in plain-text both the start and end offset of the partition. So perhaps an attacker would have a better idea of where data is. Comparing knowing the partition starts at X and ends at Y, there is probably some encrypted data in there somewhere, versus a giant container with no indication of structure (could be encrypted data or could be random garbage).

Thanks,
Eric

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt


[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux