From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from tansi.org (ns.km10532-04.keymachine.de [87.118.102.195]) by mail.saout.de (Postfix) with ESMTP for ; Tue, 27 Jul 2010 18:08:11 +0200 (CEST) Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch [84.74.164.239]) by tansi.org (Postfix) with ESMTPA id 44D99121831E for ; Tue, 27 Jul 2010 18:08:11 +0200 (CEST) Date: Tue, 27 Jul 2010 18:08:10 +0200 From: Arno Wagner Message-ID: <20100727160810.GA7331@tansi.org> References: <20100725103458.GA26486@tansi.org> <4C4C2D3C.40306@redhat.com> <1280063664.3309.119.camel@fermat.scientia.net> <4C4C4192.60908@redhat.com> <1280097464.3309.192.camel@fermat.scientia.net> <4C4CD361.4080000@redhat.com> <1280176686.3266.106.camel@fermat.scientia.net> <4C4E9CF4.3030308@redhat.com> <20100727104735.GB2373@tansi.org> <1280240232.11350.13.camel@etppc09.garching.physik.uni-muenchen.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <1280240232.11350.13.camel@etppc09.garching.physik.uni-muenchen.de> Subject: Re: [dm-crypt] Using plain64/plain IV (initialisation vector) in dm-crypt List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Tue, Jul 27, 2010 at 04:17:12PM +0200, Christoph Anton Mitterer wrote: > On Tue, 2010-07-27 at 12:47 +0200, Arno Wagner wrote:=20 > > Yes. My FAQ recomendation is to make a backup, create a new > > container in the target size and then restore the data. I=20 > > think resizing the filesystem is just too risky otherwise. > Why exactly do you mean? Any other pitfalls than that a user continues > to use plain instead of plain64? > I thought everything else in the LUKS header would be independent of the > amount of storage after it. Yes, but you need to=20 a) resize the raw container (partition, file, disk) b) reboot to make the kernel see the changed size c) decrypt the container=20 d) wipe the additional space from the decrypted side e) resize the filesystem in the container d) is optional but highly recommended.=20 If you get anything wrong here, the risk of wiping your=20 LUKS header (with complete data loss) or damaging the filesystem for dm-crypt (with at least partial data loss) are high enough to justify doing a backup. Also, power loss or a system crash during the filesystem resizing can also result in arbitrary bad data loss. But if you have a backup, recreating the filesystem in the new size is the easiest option. You do not strictly need to recreate=20 the LUKS header, but if you are prepared to do it, you are not=20 screwed if it turns out that it suffered damage.=20 So, yes, you can do this without backup and just keeping the original LUKS header. But I will continue to recomend a full data backup and recreating the container after resizing it.=20 If you are proficient enough to not need that, be my guest, but if you mess up and lose all your data, I will be entitled to make fun of you ;-) Arno=20 --=20 Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.nam= e=20 GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of=20 "news" is "something that hardly ever happens." -- Bruce Schneier=20