I was poking around the cryptsetup FAQ, mostly out of idle curiosity, and noticed that section 6.10 (How do I recover the master key from a mapped LUKS container?) states that > Changing the master key requires a full data backup, luksFormat and > then restore of the backup. But as far as I understand it, this isn't the case any longer; https://gitlab.com/cryptsetup/cryptsetup/commits/master/src/cryptsetup_reencrypt.c says that cryptsetup-reencrypt was born in mid-2012, and my understanding is that changing the master key is one of the major use cases for cryptsetup-reencrypt (the other being to change from one cipher or set of cipher settings to another). Isn't it time that the FAQ is updated to at least point out the existence of cryptsetup-reencrypt? A backup would still very much be advised, but unless I'm mistaken, changing the master key is now merely an offline operation rather than a luks(re)Format operation. -- Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt