Hey Milan, On 27/06/2010 Milan Broz wrote: > On 06/27/2010 12:34 AM, Jonas Meurer wrote: > >Milan, if you're reading this: does luksSuspend work for plain dm-crypt > >devices as well? > > yep, I am reading this just have no time to respond to all of these Debian > reports:-)
quite understandable. just don't reply if you don't have the time to do so ;-) it would be great if you could help with upstream issues (i.e. #586120, #584174, #586286) and i'll try to cope with the remaining, distro-specific issues. you already do a great job at maintaining cryptsetup!!! > You cannot use luksSuspend for plain device, but you can use dmsetup. > > I described this long time ago here (probably before luksSuspend was even > implemented) > http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/2859 > > Maybe I can add some "kill key" for plain device command to cryptsetup? > > (The problem is that in LUKS you can check that calculated key is correct, > so luksResume is possible. In plain crypt device you are simple providing key > so there cannot be perfect equivalent of Resume - any key will fit and if > it is not correct, you data will be corrupted later.) i'm not sure whether wiping the key at shutdown process is a good idea at all. properly removing/luksClosing should work on clean setups, and force-wiping the key could lead to data corruption if i got it right. thus a clear warning that remove/luksClose failed is my favourite. greetings, jonas
signature.asc
Description: Digital signature

