Hi Ondrej, On 2020-06-15 17:33, Ondrej Kozina wrote:
Assume you're trying to achieve detached LUKS2 header 16 MiBs in size (default LUKS2 header size) with data offset starting on different data device at offset X. Am I right?
Yes, that is correct - I tried it with a detached header and a containerfile first on the same device because that way I could just use a temp folder instead of messing with /dev/sdX while testing. But the end aim was to create a LUKS container with a detached header on an external hard drive which never gets to see the header.
Nevertheless you have found some issues (more on that later).
Well - that was an interesting read - it was really not clear to me that the header size could be expanded to gigabytes (by default) to increase the difficulty to extract it by analysis (that is how I think it is intended?). Thank you very much for the detailed explanation - I think it might be worth to add a description / example for that scenario to the manpage / --help output: The reason I never thought about messing with the header size was because I didn't realize it was auto-growing. My initial thought was that this would also explain the long write operation with my workaround & the --align-payload - but if, in the process, you were able to find another bug... all the better ;) I would help you with a bug report, but I am preparing for a move to another country (hence the need for an encrypted external drive) and need to arrange stuff still - no time for a bugreport right now... If I get around to it later, I'll do it. Cheers & thanks for the good software :) /aral _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
