On Mon, Aug 27, 2012 at 12:20:28PM +0200, Milan Broz wrote: > On 08/27/2012 11:51 AM, Andr?s Korn wrote: > > > That means that the offsets from the FAQ don't apply to my LUKS > > container and that keyslot #2 has been wiped after all. > > Not sure if it is good idea to have these in FAQ, it depends on > key size. (But there are usually only 3 variants for 128,256 and 512bits). I use 64 in "smalles possible LUKS container", but 64 is basically always insecure today. > I wonder adding this directly to luksDump would help? > > Like > ... > Key material offset: 8 > Key slot area offset: 0x1000 - 0x21000 > ... > > (here with padding, perhaps it is better print used area only without padding...) Best would be to dump where everything actually is, maybe even with sector-numbers added and total size. Then I can do one example in the FAQ (the one already there) and say that padding, offsets, different key-sizes and modes (XTS), different versions of cryptsetup on creation, etc. can all shift these and refer to luksDump. That would also cover all future changes. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
