On Sat, Dec 14, 2019 at 05:28:31 CET, Robert Nichols wrote: > On 12/13/19 8:59 AM, Milan Broz wrote: > >Hi, > > > >On 07/12/2019 00:10, Chris Murphy wrote: > >>I'm wondering if it's possible, or LUKS2 could be extended, to support > >>an non-encrypted target. That is, the virtual device and backing > >>device would contain the same information. > > > >(You are not the first one asking for support for this option.) > > > >In fact, the support is already there. But I am reluctant to officially > >support it for a very long time, because it would be super confusing > >for users (We have LUKS, but actually no encryption?!) > > How about using real encryption but use /dev/null as the key-file? > (Just a thought.) I can see some nice failure modes with that, e.g. with accidentally empty key files. I am also not sure what the use-case of the whole thing is besides benchmarking and debugging as Milan said. If you want to put evertyhing in place, but do not encrypt (yet) so you can just encrypt data in place later, this may be the wrong approach. I reccomend (and I think that is in the FAQ) to do a backup, wipe the data and make a LUKS container and then to restore that backup. Doing this without backup is dangerous anyways. I think this may not have a good solution and we should default to "secure" here. There are far too many security issues today that come from people having selected "convenient" instead. Having some way to do this that is not too convenient or obvious is fine. Regards, Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
