I am opposed to this. cryptsetup is not at fault here, it displays a big, fat warning (unless disabled). If an installer decides to suppress that warning and give something far less clear, then the installer is broken and needs to be fixed. A good installer would give a very clear warning and require more than just a click or "RETURN" as confirmation. cryptsetup already does both. In addition, any kind of automatic header backup breaks the LUKS security model and needs to come with a very clear warning if automatized (as in an installer). The problem is that old passphrases will be stored and will survive deletion in the active LUKS header. That is not good at all. The right thing here is to complain to those that made the broken (or not careful enough) installer and to ask them to either keep the very clear warning and verification question asked by cryptsetup, or to do something equally clear themselves. Side note: I am unsure whether Ubuntu has fixed this issue by now. Does anybody know? Side note 2: Added a generic warning about dangerous distro installers to the FAQ. Arno On Mon, Oct 31, 2011 at 04:30:11AM +0100, ingo.schmitt@xxxxxxxxxxxxxxxxx wrote: > Another idea: Cryptsetup should offer to backup the header > on the same drive when changes to an existing header are requested. > > I assume that headers size isn't an issue. > > Thx, > Ingo > > On 10/31/2011 01:30 AM, Aleksander Swirski wrote: > >I'm pretty sure this warning is only displayed when someone decides to > >create new crypto on some partition or fill encrypted device with random > >data in the next step after setting the password. but just setting the > >password on an existing device makes data unusable without warning. when > >the partitioning is finished there is a list of partitions that will be > >wiped out, and also, during my installation crypto-deviced and /home > >inside LVM was not listed there, but already lost few clicks earlier. > > > >i understand that it wasn't taken into consideration that someone can > >attach existing encrypted device, but only that a new one will be > >created. this is inconsistent with how it goes with unencrypted > >partitions, where you can reattach them without formatting and keep your > >data. so i guess with encrypted partition this should also work that > >way. or maybe i miss the point? i will try to make the whole scenario > >clear, and then send my proposition, to debian-boot@xxxxxxxxxxxxxxxx > ><mailto:debian-boot@xxxxxxxxxxxxxxxx> > > > >On 30 October 2011 23:25, Jonas Meurer <jonas@xxxxxxxxxxxxxxx > ><mailto:jonas@xxxxxxxxxxxxxxx>> wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hi Aleksander, > > > > Am 30.10.2011 19:56, schrieb Aleksander Swirski: > > > I will also try to push this info to the debian devs. I'm not sure > > > how to do that properly (hint appreciated). I know, that the route > > > of installation I took is not a common one, but a simple warning > > > would suffice to avoid this kind of trouble. After all my encrypted > > > LVM and specifically the /home partition within LVM wasn't listed > > > among those, which are to be erased at any point during the > > > installation. (I marked them with - K - keep the data) > > > > I guess that you selected to configure the device which contained the > > LVM volume group as new encrypted device. Then you where asked for the > > new passphrase twice, and a new LUKS header was written to the device, > > overwriting the old LUKS header. That way you shredded all the > > encrypted data on that device, regardless what it was. > > > > The partitions you marked as "keep the data" weren't overwritten, just > > the LUKS header of underlying device was overwritten. > > > > I agree, that a warning in the Debian Installer is a good idea, but to > > be honest, there's already a big fat warning: > > > > > _Description: Really erase the data on ${DEVICE}? The data on > > > ${DEVICE} will be overwritten with random data. It can no longer be > > > recovered after this step has completed. This is the last > > > opportunity to abort the erase. > > > > (from > > http://anonscm.debian.org/gitweb/?p=d-i/partman-crypto.git;a=blob;f=debian/partman-crypto.templates) > > > > If you like to propose changes to the (warnings in the) process of > > configuring encrypted volumes during installation of Debian, feel free > > to discuss this on debian-boot@xxxxxxxxxxxxxxxx > > <mailto:debian-boot@xxxxxxxxxxxxxxxx>. You might as well > > take a look at the following page: > > http://wiki.debian.org/DebianInstaller/PartmanCrypto > > > > Greetings, > > jonas > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.11 (GNU/Linux) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > > > iQIcBAEBAgAGBQJOrc7tAAoJEFJi5/9JEEn+bo4P/0vX3AxnpXzWO3NUvYW2wh6H > > k7v8Dhx6Rw5HXttHuF8JSypkvcHuLfWyGLq0J4qlsw4GvK/cPtwdCuSe//uJvqSB > > 4Z6qj55E/3/M+aEBMzT9oBeZ5DVGPp0+76VWFNijGzHYMoT4YYm0pZBsmfZ7U2RJ > > +7xFyGP0d7oXJIqoW8aUyufgdYnRNdcZdJtY27XHgKW1m9ytllIuK0h7hl410/L0 > > vy2t4IqSlO5Uko1/bOf3FETNkBRTUl4T2jWMP3dEpNMRobB1ZH5I5menXWSwzgR9 > > c2QWRkwQ8iUsAdakofnl9O1jhtw3Z9MKxHQbnxh32oNuS5Aaf5xxfiI7jXf3yY/L > > GUKyIOa5nGtNtwUt4l0RTJAKoyY2J2KtBJm+JL51tQ3q/iyZsfRLVmyczlkzKUhj > > vMKgSzhV8/IyQ/snqftAMqmRXYgaOE3qDCe8MR+EChIFwX2Zr+eRWdRzVFDjQ0kP > > Cyc6Yw3TrthD8GuWWxU93tE3YMVxgI76+lDk/LBLZjviMTEfkR5e+gmuoff+Xdta > > aBYek7loOjkqb+gJ6qeqAKuDLAZnw/BmHfgpYQpatdSeiV6jpGPkGMbYTwDHLlXR > > rE72FJe1emdcDWQ6TE8SP+6KW22HirBPD5q6DPqJ2Oxcxx+AotXeLvDpnhd9S5b2 > > fDNHacCUklPyCeH81nsH > > =PLsS > > -----END PGP SIGNATURE----- > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@xxxxxxxx <mailto:dm-crypt@xxxxxxxx> > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > > > > > >_______________________________________________ > >dm-crypt mailing list > >dm-crypt@xxxxxxxx > >http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
