From: Heinz Diehl
Date: Wed, 19 Aug 2009 17:42:34 +0200
Message-ID: <87tz03lsid.wl%htd@fancy-poultry.org>
In-Reply-To: <1250693664.4a8c1220018bf@webmail.inmano.com>
References: <1250693664.4a8c1220018bf@webmail.inmano.com>
Subject: Re: [dm-crypt] distributing a linux disk crypted with dm-crypt
To: dm-crypt@saout.de

At Wed, 19 Aug 2009 16:54:24 +0200,
octane indice wrote:

> But every people I give the appliance will have the crypto key which crypt
> and decrypt data. So, as a security point of view, it's not acceptable.

I'm not sure at all if I understand correctly what you have in mind, but
to unlock a LUKS/dmcrypt partition, you have to provide the correct
passphrase/keyfile. If you do not, there is no way other than
brute-forcing it or an attack towards the encryption itself. The master
key itself stays fully encrypted.

You can read more here:
http://cryptsetup.googlecode.com/svn-history/r42/wiki/LUKS-standard/on-disk-format.pdf
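
The key-slot idea described in the reply above, as an added example that is not part of the original message and is not cryptsetup code: the header holds only a passphrase-wrapped copy of the master key plus a digest used to recognise the correct passphrase. The function names, the low iteration count and the XOR keystream standing in for the real cipher and anti-forensic splitter are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000  # constructed value, kept low so the example runs quickly


def _pbkdf2(secret: bytes, salt: bytes, length: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", secret, salt, ITERATIONS, dklen=length)


def _wrap(slot_key: bytes, data: bytes) -> bytes:
    # Assumption: XOR with a derived keystream replaces the disk cipher and
    # AF-splitter that a real LUKS header uses. Applying it twice unwraps.
    stream = hashlib.pbkdf2_hmac("sha256", slot_key, b"keystream", 1, dklen=len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def add_keyslot(header: dict, master_key: bytes, passphrase: bytes) -> None:
    # Each slot has its own salt and stores the master key only in wrapped form.
    salt = os.urandom(32)
    material = _wrap(_pbkdf2(passphrase, salt, 32), master_key)
    header["slots"].append({"salt": salt, "material": material})


def format_volume(passphrase: bytes) -> dict:
    master_key = os.urandom(32)
    mk_salt = os.urandom(32)
    # The digest lets unlock() recognise the right key without storing it.
    header = {"mk_salt": mk_salt, "mk_digest": _pbkdf2(master_key, mk_salt, 20), "slots": []}
    add_keyslot(header, master_key, passphrase)
    return header  # the master key itself is never written in the clear


def unlock(header: dict, passphrase: bytes):
    # Try every slot; a candidate counts only if its digest matches the header.
    for slot in header["slots"]:
        candidate = _wrap(_pbkdf2(passphrase, slot["salt"], 32), slot["material"])
        digest = _pbkdf2(candidate, header["mk_salt"], 20)
        if hmac.compare_digest(digest, header["mk_digest"]):
            return candidate
    return None
```

Every passphrase added with add_keyslot() unwraps the same master key, so anyone able to unlock the volume holds the key that encrypts all of its data.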