From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <wagner@tansi.org>
Received: from v6.tansi.org (ns.km31936-01.keymachine.de [87.118.116.4])
 by mail.server123.net (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Sat, 13 Dec 2014 01:21:04 +0100 (CET)
Received: from gatewagner.dyndns.org (77-57-49-177.dclient.hispeed.ch
 [77.57.49.177]) by v6.tansi.org (Postfix) with ESMTPA id 0302920DC210
 for <dm-crypt@saout.de>; Sat, 13 Dec 2014 01:21:04 +0100 (CET)
Date: Sat, 13 Dec 2014 01:21:03 +0100
From: Arno Wagner <arno@wagner.name>
Message-ID: <20141213002103.GA19625@tansi.org>
References: <D0AF22AB.6A698%craig.a.sayler@nasa.gov>
 <20141211220453.GA24563@citd.de> <20141212121108.GA29099@tansi.org>
 <20141212125910.GA3470@citd.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20141212125910.GA3470@citd.de>
Subject: Re: [dm-crypt] question
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Fri, Dec 12, 2014 at 13:59:10 CET, Matthias Schniedermeyer wrote:
> On 12.12.2014 13:11, Arno Wagner wrote:
> > On Thu, Dec 11, 2014 at 23:04:53 CET, Matthias Schniedermeyer wrote:
> > > On 11.12.2014 18:30, Sayler, Craig A. (AFRC-MI)[InuTeq, LLC] wrote:
> > > > Is there a way to decrypt a drive permanently with out reinstalling?
> > > 
> > > Yes.
> > > 
> > > But the much safer way is:
> > > Backup, make a new filesystem on the previous backing-device & Restore 
> > > from backup.
> > > 
> > > 
> > > The unsafe(!) 'inplace' method (that as an advantage doesn't need 
> > > additional storage):
> > > Just open the container normally, 'dd' the mapped container over the 
> > > backing device and pray that process isn't interruped. Because it will 
> > > be a huge PITA if it gets interruped.
> > > 
> > > 
> > > But don't risk it, Backup & Restore is the way this should be done.
> > 
> > Interesting approach! Should work though. But you are right that this
> > is very high risk.
> 
> Standard Unix methodology, i would say.

Not really, as you are accessing the same block device once 
directly and once through the dm-layer encryption at the same
time. Things like buffers become critical. For example, if any
buffer for a change of the original state is flushed with 
a delay, things can get very messy and very broken. But if
the thing is not mounted, there should not be any longer-lived 
buffers and hence it should work.

Gr"usse,
Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier