Hi Michael, yes, you are right. Thanks. I think reencryption should be mentioned in Item 6.10. Fixed. Regards, Arno On Fri, Jan 06, 2017 at 13:53:37 CET, Michael Kjörling wrote: > For some reason this e-mail has failed to show up on the list, so I'm > sending it again. If this ends up being a duplicate, please accept my > apologies in advance and feel free to delete this copy. > > I was poking around the cryptsetup FAQ, mostly out of idle curiosity, > and noticed that section 6.10 (How do I recover the master key from a > mapped LUKS container?) states that > > > Changing the master key requires a full data backup, luksFormat and > > then restore of the backup. > > But as far as I understand it, this isn't the case any longer; > https://gitlab.com/cryptsetup/cryptsetup/commits/master/src/cryptsetup_reencrypt.c > says that cryptsetup-reencrypt was born in mid-2012, and my > understanding is that changing the master key is one of the major use > cases for cryptsetup-reencrypt (the other being to change from one > cipher or set of cipher settings to another). > > Isn't it time that the FAQ is updated to at least point out the > existence of cryptsetup-reencrypt? > > A backup would still very much be advised, but unless I'm mistaken, > changing the master key is now merely an offline operation rather than > a luks(re)Format operation. > > -- > Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx > “People who think they know everything really annoy > those of us who know we don’t.” (Bjarne Stroustrup) > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
