Ok then. You know, firstly I wrote long answer for you, but I then I
thought it would be counterproductive. So I try to make things simpler.
cryptsetup has a --header option, right? So, my first question - why? :)
From man: "This options allows one to store ciphertext and LUKS header
on different devices." Why would anyone want header to be on different
device? From FAQ, about differences between plain and LUKS mode: "it is
not readily apparent that there even is encrypted data on the device, as
an overwrite with crypto-grade randomness (e.g. from /dev/urandom) looks
exactly the same on disk." (and yes, I read the side-note below). So, I
thought --header is for those, who want their LUKS containers look like
just random data, having one device with random data and a file, where
it is written "I am a LUKS header". And I wanted to have one device with
random data and a file with random data - I thought it would be more
secure in some ways. So, the second thing I really want to know - where
is the bad logic in my reasonings? :)
Thanks!
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
