On Fri, May 16, 2014 at 6:23 PM, .. ink .. <mhogomchungu@xxxxxxxxx> wrote:
On Fri, May 16, 2014 at 9:13 AM, Franz <169101@xxxxxxxxx> wrote:
I do not get clearly the advantage of having the header separated from the container. If I have header and container together, you tell that anybody can easily find this is a LUKS container. They cannot open it but they know there is something hidden.
yesBut isn't the same happening if container and header are separated? I suppose that as well they can easily find the header (OR NOT?). They cannot open the container, but they know there is something hidden. Yes they do not know WHERE it is hidden in this case, but how important is this if in any case they cannot open it?
with a detached header,when somebody gets a hold of the header less volume,they will not know the volume has encrypted data using LUKS,at best,they may suspect but not know.You will not get many successes when trying to convince somebody that your 200MB file made up of cryptographically sound random data is not an encrypted volume but at least you will get the opportunity to try.A LUKS volume with attached header will not give you this opportunity and a detached header seeks to give it back.
Which one of the supported cryptsetup volume you should use depends on your use case but they all largely give marginal benefits when compared to each other for most use cases
Many thanks INK. Finally did not try to separate the header, but got everything working now and can start using it, with a little .sh file than runs the steps you indicated in your second post. For my wife, that cordially hates computers, it is easier to use it this way than following previous truecrypt GUI steps. Now she only has to open a terminal, write in an alias and fill in a password, when asked for it :-). My plan is to periodically save the file for backup.
Best
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt