Hey Milan,

On 27/06/2010 Milan Broz wrote:
> On 06/27/2010 12:34 AM, Jonas Meurer wrote:
> >Milan, if you're reading this: does luksSuspend work for plain dm-crypt
> >devices as well?
> 
> yep, I am reading this just have no time to respond to all of these Debian 
> reports:-)

quite understandable. just don't reply if you don't have the time to do
so ;-) it would be great if you could help with upstream issues (i.e.
#586120, #584174, #586286) and i'll try to cope with the remaining,
distro-specific issues. you already do a great job at maintaining
cryptsetup!!!

> You cannot use luksSuspend for plain device, but you can use dmsetup.
> 
> I described this long time ago here (probably before luksSuspend was even 
> implemented)
>  http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/2859
> 
> Maybe I can add some "kill key" for plain device command to cryptsetup?
> 
> (The problem is that in LUKS you can check that calculated key is correct,
> so luksResume is possible. In plain crypt device you are simple providing key
> so there cannot be perfect equivalent of Resume - any key will fit and if
> it is not correct, you data will be corrupted later.)

i'm not sure whether wiping the key at shutdown process is a good idea
at all. properly removing/luksClosing should work on clean setups, and
force-wiping the key could lead to data corruption if i got it right.
thus a clear warning that remove/luksClose failed is my favourite.

greetings,
 jonas

Attachment: signature.asc
Description: Digital signature

Reply via email to