On Tue, Jun 20, 2006 at 10:10:24PM +0200, Jonas Meurer wrote: > On 20/06/2006 Andrew Pimlott wrote: > > I mean _if I explicitly promise so_, we should expect that. So give me > > some configuration directive like LuksOnly that I can set. > > looks like overkill for me. users who use only luks don't need to > specify that. 'cryptsetup isLuks' is run against every source device > anyway, before invoking 'cryptsetup luksOpen'. so there should be no > need for a LuksOnly option.
But as I understand, a randomly keyed partition can't be done with Luks (or can it?). So even for a user who uses Luks for all his permanent partitions, there will still be the swap partition (or mabye a /tmp partition) that cannot be identified. If we had LuksOnly, we could be confident that those partitions are disposible. However it may still be overkill. I would be happy enough if there were a check for randomly keyed swap partitions that verifies that the source device is 1) not a formatted, unencrypted volume and 2) not Luks. That's still a good measure of safety. Andrew -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
