From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from awesome.dsw2k3.info (unknown [IPv6:2a01:198:661:1f::3]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Tue, 15 Apr 2014 00:20:23 +0200 (CEST) Date: Tue, 15 Apr 2014 00:20:06 +0200 From: Matthias Schniedermeyer Message-ID: <20140414222006.GA1691@citd.de> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] Encrypting several disks with the same password + keyfile combinaison List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Xavier MONTILLET Cc: dm-crypt@saout.de On 14.04.2014 21:24, Xavier MONTILLET wrote: > Hi, > > - (b) Use LUKS (which I would prefer to avoid, if it doesn't comprimise the > security, because it adds a weak spot against disk failure: the header) Interesting point. There are more "weak spots". Yyou even add one, but i guess adding two is "too much"? - Partition Table - Superblock(s) of the filesystem(s) - LVM - There are or at least i think there are a few "critical" blocks in each filesystem that i think will ruin your day if damaged. - ... Personally i unintentionaly did away with one (Partition Table) and don't use another (LVM), but that still leaves at least the superblock(s) of the filesystem. Btw. You can also use LUKS with a deattached header and/or backup the header, so it's not weaker than the other weak spots. -- Matthias