On 15/04/2011 16:15, Roscoe wrote: > On Fri, Apr 15, 2011 at 11:52 PM, Cristian KLEIN <cristiklein@xxxxxxxxx> wrote: > ... >> A posteriori, I cannot help wonder why such pretious information isn't >> kept redundantly. Surely LUKS could have stored the header in 10 random >> sectors with an easy-to-grep "HERE I AM" banner. Wouldn't this allow >> users to recover the master-key (and part of the file-system) without >> compromising security? > ... > > It's supposed to be fragile and easily destroyed, this is by design. I think users expect it to be *secure*, i.e., if a laptop gets stolen in an airport, the user has no worries. I'm not sure users appreciate "fragile". Personally, this is not what I expect from full-disk encryption. > Accidently running cryptsetup luksFormat is unfortunate, as is running > mkfs or dd on the wrong device. Good thing for backups. Still, mkfs and dd give you a second chance (see testdisk and friends). Why not luksFormat? Cristi. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
