Yes David,
You are right. And as long as you do not need persistent swap to i.e.
store a hibernate image, it is absolutely reasonable to use a new random
key on each boot.
Regards
-Sven

On 06.04.2016 at 21:35, David Christensen wrote:
> On 04/06/2016 03:55 AM, Michael Kjörling wrote:
>> On 5 Apr 2016 21:25 -0700, from dpchrist@xxxxxxxxxxxxxxxx (David
>> Christensen):
>>> # grep sda2 /etc/crypttab
>>> sda2_crypt /dev/sda2 /dev/urandom cipher=aes-xts-plain64,size=256,swap
>>
>> Since you don't have the "luks" option, Debian does not treat this as
>> a LUKS device. So when cryptsetup claims that /dev/sda2 "is not a
>> valid LUKS device" it is quite correct.
>
> Thanks for the information.
>
> So, RTFM 'crypttab': at boot time /sbin/cryptdisks_start will create a
> plain dm-crypt device with target name 'sda2_crypt'
> (/dev/mapper/sda2_crypt) from source device /dev/sda2 with a 256-bit key
> (option 'size') from file /dev/urandom and with cipher aes-xts-plain64
> (option 'cipher'), and then run /sbin/mkswap on the created device
> (option 'swap') (?).
>
> And, as plain dm-crypt devices do not have a LUKS header,
> 'luksHeaderBackup' has nothing to back up and the error message I'm
> seeing is expected and correct (?).
>
> David
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
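
The reading of the crypttab entry worked out in this thread, as an added example that is not part of any poster's message: it parses crypttab lines and reports, per entry, whether it is plain or LUKS, whether a header backup can exist, and whether the key is regenerated on each boot. The function names and the second sample entry are constructed for illustration, and the rule "no `luks` option means plain dm-crypt" is taken from the thread.

```python
# Added example: interprets crypttab entries as described in the thread.
# Assumption (from the thread): without the "luks" option the device is plain dm-crypt.
RANDOM_KEY_SOURCES = {"/dev/urandom", "/dev/random"}

# First entry is the one quoted in the thread; the second is constructed.
SAMPLE = """\
# <target> <source> <key file> <options>
sda2_crypt /dev/sda2 /dev/urandom cipher=aes-xts-plain64,size=256,swap
sda3_crypt /dev/sda3 none luks
"""

def parse_crypttab(text):
    """Return one dict per entry; blank lines and lines starting with '#' are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 2:
            raise ValueError(f"malformed crypttab line: {line!r}")
        fields += ["none", ""][len(fields) - 2:]  # key file and options may be omitted
        target, source, keyfile, optstr = fields[:4]
        opts = {}
        for item in filter(None, optstr.split(",")):
            name, _, value = item.partition("=")  # flags such as "swap" get value ""
            opts[name] = value
        entries.append({"target": target, "source": source,
                        "keyfile": keyfile, "options": opts})
    return entries

def classify(entry):
    """Summarise what the entry implies for header backups and data persistence."""
    opts = entry["options"]
    luks = "luks" in opts
    ephemeral = entry["keyfile"] in RANDOM_KEY_SOURCES
    return {
        "target": entry["target"],
        "mode": "luks" if luks else "plain",
        "key_bits": int(opts["size"]) if opts.get("size") else None,
        "is_swap": "swap" in opts,
        "ephemeral_key": ephemeral,        # new random key on every boot
        "header_backup_possible": luks,    # plain dm-crypt has no header to back up
        "persistent": not ephemeral,       # contents unreadable after reboot if False
    }

if __name__ == "__main__":
    for e in parse_crypttab(SAMPLE):
        print(classify(e))
```

An entry reported with `is_swap` true and `persistent` false is the case Sven describes: fine for ordinary swap, unusable for storing a hibernate image.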