Re: Required kernel crypto interface not available

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Fri, May 16, 2014 at 9:13 AM, Franz <169101@xxxxxxxxx> wrote:
 
I do not get clearly the advantage of having the header separated from the container. If I have header and container together, you tell that anybody can easily find this is a LUKS container. They cannot open it but they know there is something hidden.

yes
But isn't the same happening if container and header are separated? I suppose that as well they can easily find the header (OR NOT?). They cannot open the container, but they know there is something hidden. Yes they do not know WHERE it is hidden in this case, but how important is this if in any case they cannot open it?
 
with a detached header,when somebody gets a hold of the header less volume,they will not know the volume has encrypted data using LUKS,at best,they may suspect but not know.You will not get many successes when trying to convince somebody that your 200MB file made up of cryptographically sound random data is not an encrypted volume but at least you will get the opportunity to try.A LUKS volume with attached header will not give you this opportunity and a detached header seeks to give it back.

Which one of the supported cryptsetup volume you should use depends on your use case but they all largely give marginal benefits when compared to each other for most use cases



_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux