On Fri, Apr 15, 2011 at 11:52 PM, Cristian KLEIN <cristiklein@xxxxxxxxx> wrote: ... > A posteriori, I cannot help wonder why such pretious information isn't > kept redundantly. Surely LUKS could have stored the header in 10 random > sectors with an easy-to-grep "HERE I AM" banner. Wouldn't this allow > users to recover the master-key (and part of the file-system) without > compromising security? ... It's supposed to be fragile and easily destroyed, this is by design. I don't think we should bother with complicated safeguards for people doing silly things. That installer interface should be modified long, long, long before the on-disk format is. Accidently running cryptsetup luksFormat is unfortunate, as is running mkfs or dd on the wrong device. Good thing for backups. -- Roscoe _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
