Hello,

I read the FAQ, point 5.19, especially:

(...) However, for LUKS, the worst case is that key-slots and LUKS header may end up in these internal pools. This means that password management functionality is compromised (the old passwords may still be around, potentially for a very long time) and that fast erase by overwriting the header and key-slot area is insecure. (...)

Now, we have a cryptsetup-reencrypt tool that could change the master-key. So, we could use it after changing a password for a slot.

But dm-crypt uses 512 bytes for block operations, so the problem remains the same? An attacker with knowledge of the master-key could read old, un-erased sectors and decipher data?

Thanks

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt