I'm a heavy believer in the backup mantra "2 is 1 and 1 is none", and start to feel comfortable when I have 3. Luckily I had backups to handle my recent data loss with LUKS, but I had to suffer a long restore time as the capacities get larger.
Are there backup headers/superblocks/metadata (whatever you call it) within the LUKS container so that if the header is somehow corrupt, I can utilize the backup copy from within the container, like file systems have? (I understand there is still a question of pre-decryption / post-decryption. Since these are usually long-running file servers, I've found lots of discussions about passphrase recovery while the systems are still running and not luksClosed.) I did google around for LUKS recovery procedures, but there were lots of bad, long, involved processes out there that didn't work or that I couldn't get to work.
I now see the luksHeaderBackup and luksHeaderRestore commands. (My excuse is that I don't recall them when I first learned about cryptsetup many years ago.) But it sounds like I have (or some sysadmin has) to make my own backups of this information; if I don't, I'm screwed if I get corruption in the LUKS header, so it is almost a mandatory procedure -- something I think a lot of people would also not have done.
Yes, I have seen a seasoned sysadmin run #rm -rf * from root on a production server, so I could foresee someone doing something to mess up the LUKS headers.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt