On 08/07/2019 18:14, Maksim Fomin wrote: > I am using disk encryption with cryptsetup utility in plain mode for > some time. Whenever discussion of choice between LUKS and plain mode > pops up (distro discussion, boot loader support, filesystem) plain > mode is characterized as something which should be avoided (I have > read the FAQ and my question is not about information contained in > it). For example, grub team rejected patches for supporting plain > mode (and other features like detached LUKS header) because it was > considered as a "bad" feature (to be precise, the objection of grub > team was that in grub v2 'grub-install' should autodetect everything > which is impossible for plain mode). > > My question is folows: will dm-crypt and cryptsetup support plain > mode encryption in future years? My question may sound somewhat > extreme, but in recent years there were cases when big open software > projects eliminated significant features and some portion of their > user base. The "plain" mode is just direct wrapper around dm-crypt. The only difference is if keyfile (in cryptsetup) is not used, the volume key is directly derived from a password (that is not a good practice). If you use randomly generated keyfile and the same encryption algorithm is used, then there is really no "security" difference comparing to LUKS, except usability (in the plain mode you have to maintain all parameters, in LUKS the header metadata solves it for you). The plain mode is not going to be removed from cryptsetup (as long as I am the maintainer :), maybe we will have to change default encryption algorithm parameters though (you can always overwrite it using command line switches). Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
