That was a joke, BTW ;-)

Regards,
Arno

On Thu, Apr 07, 2016 at 11:39:09 CEST, Arno Wagner wrote:
> In fact, as confidential data can be written to swap,
> changing the key on boot is a security feature.
>
> Regards,
> Arno
>
>
> On Wed, Apr 06, 2016 at 22:26:09 CEST, Sven Eschenberg wrote:
> > Yes David,
> >
> > You are right. And as long as you do not need persistent swap to
> > i.e. store a hibernate image, it is absolutely reasonable to use a
> > new random key on each boot.
> >
> > Regards
> >
> > -Sven
> >
> >
> > On 06.04.2016 at 21:35, David Christensen wrote:
> > >On 04/06/2016 03:55 AM, Michael Kjörling wrote:
> > >>On 5 Apr 2016 21:25 -0700, from dpchrist@xxxxxxxxxxxxxxxx (David
> > >>Christensen):
> > >>># grep sda2 /etc/crypttab
> > >>>sda2_crypt /dev/sda2 /dev/urandom
> > >>>cipher=aes-xts-plain64,size=256,swap
> > >>
> > >>Since you don't have the "luks" option, Debian does not treat this as
> > >>a LUKS device. So when cryptsetup claims that /dev/sda2 "is not a
> > >>valid LUKS device" it is quite correct.
> > >>
> > >
> > >Thanks for the information.
> > >
> > >
> > >So, RTFM 'crypttab': at boot time /sbin/cryptdisks_start will create a
> > >plain dm-crypt device with target name 'sda2_crypt'
> > >(/dev/mapper/sda2_crypt) from source device /dev/sda2 with a 256-bit key
> > >(option 'size') from file /dev/urandom and with cipher aes-xts-plain64
> > >(option 'cipher'), and then run /sbin/mkswap on the created device
> > >(option 'swap') (?).
> > >
> > >
> > >And, as plain dm-crypt devices do not have a LUKS header,
> > >'luksHeaderBackup' has nothing to back up and the error message I'm
> > >seeing is expected and correct (?).
> > >
> > >
> > >David

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
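
The crypttab reading discussed in this thread, as an added example that is not part of any poster's message: a small classifier for one crypttab line that reports whether the entry is plain or LUKS, whether the key changes per boot, and what that means for header backup and hibernation. The function name, the output fields and the second sample entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify one /etc/crypttab line.
# Fields: <target> <source device> <key file> <options>
# Assumption: as stated in the thread for Debian, an entry is handled as
# LUKS only when its option list contains "luks"; otherwise it is plain.

classify_crypttab_line() (
    line=$1
    # Ignore blank lines and comments.
    case $line in
        ''|'#'*) exit 1 ;;
    esac
    # Split into the four whitespace-separated crypttab fields.
    read -r target source keyfile options <<EOF
$line
EOF
    kind=plain; swap=no; key=persistent
    case ",$options," in *,luks,*) kind=luks ;; esac
    case ",$options," in *,swap,*) swap=yes ;; esac
    # A key read from the kernel RNG is different on every boot.
    case $keyfile in /dev/urandom|/dev/random) key=random-per-boot ;; esac

    # luksHeaderBackup needs a LUKS header; plain dm-crypt has none.
    if [ "$kind" = luks ]; then header_backup=possible; else header_backup=none; fi

    # Swap under a per-boot key cannot hold a hibernate image across reboots.
    if [ "$swap" = yes ] && [ "$key" = random-per-boot ]; then
        hibernate=no
    elif [ "$swap" = yes ]; then
        hibernate=key-persists
    else
        hibernate=n/a
    fi
    printf '%s kind=%s key=%s swap=%s header_backup=%s hibernate=%s\n' \
        "$target" "$kind" "$key" "$swap" "$header_backup" "$hibernate"
)

# Constructed sample input: the entry quoted in the thread (joined onto one
# line) plus a hypothetical LUKS entry for contrast.
classify_crypttab_line 'sda2_crypt /dev/sda2 /dev/urandom cipher=aes-xts-plain64,size=256,swap'
classify_crypttab_line 'home_crypt /dev/sda3 none luks'
```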