DM-Crypt Archive on lore.kernel.org
From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Cryptsetup FAQ montly pointer 8/13
Date: Sat, 3 Aug 2013 19:57:33 +0200
Message-ID: <20130803175733.GA7976@tansi.org>
In-Reply-To: <51FD17F0.5090805@gmail.com>

On Sat, Aug 03, 2013 at 04:47:12PM +0200, Milan Broz wrote:
> On 08/03/2013 04:10 PM, Dragan Milivojević wrote:
> >> Another option for reliably identifying the swap partition is to use
> >> /dev/disk/by-id/<identifier> to identify the drive by model and serial
> >> number.  For example, my own swap partition is
> >>
> >>     /dev/disk/by-id/scsi-SATA_ST95005620AS_5YX1NEGE-part5
> >>
> >> That should be safe unless I re-purpose that drive and forget to update
> >> /etc/crypttab.
> > 
> > I would suggest using UUID. It works in all cases (partition, raid,
> > lvm member etc).
> > My crypttab (encrypted swap/home):
> > 
> > luks-4dc17e23-e895-4e4b-8061-114fb33c310b UUID=4dc17e23-e895-4e4b-8061-114fb33c310b none
> > luks-46969c48-ab1f-4bd7-bc2a-ae7c1bc86b26 UUID=46969c48-ab1f-4bd7-bc2a-ae7c1bc86b26 none
> > 
> > This was generated by fedora install.
> 
> Sure, this is the best way if you use LUKS and Fedora installer
> is using LUKS even for swap.

Which is not a general solution as that means
a) Suddenly all your secret stuff in swap survives reboots
b) Swap needs a passphrase to be unlocked!

In the general case you want neither of these to happen.
 
> For plain crypt (or Truecrypt) you have no UUID, so you cannot use it.
> (You can use uuid/wwid of underlying device as mentioned above
> but this is not always present.)

Indeed. I tried both when I wrote the entry, only to find that
neither worked on my system (Debian with custom kernel).

As this is not a distribution-specific FAQ (there are those),
distribution-specific stuff should not go into it. Of course
documentation for a specific distribution can contain specific
advice that is not general, and some people have already asked
me about such things, also with regard to encrypted swap.

Arno


 
> Milan

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare
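
The points raised in this thread, turned into a small check over /etc/crypttab and /etc/fstab. This is an added example, not code from any poster or from cryptsetup. The sample files, mapping names, serial and UUIDs are constructed, and the rules assume the usual four-field crypttab layout with its `swap` option.

```python
import re
RANDOM_KEYS = {"/dev/urandom", "/dev/random"}  # key is discarded at shutdown
# Constructed sample files; names, serial and UUIDs are made up.
CRYPTTAB = """\
luks-00000000-1111-2222-3333-444444444444 UUID=00000000-1111-2222-3333-444444444444 none
cswap1 /dev/sda5 /dev/urandom swap,cipher=aes-xts-plain64,size=256
cswap2 /dev/disk/by-id/scsi-EXAMPLE_SERIAL-part5 /dev/urandom swap,cipher=aes-xts-plain64,size=256
home UUID=55555555-6666-7777-8888-999999999999 none
"""
FSTAB = """\
/dev/mapper/luks-00000000-1111-2222-3333-444444444444 swap swap defaults 0 0
"""

def swap_mappings(fstab_text):
    """Names of /dev/mapper/<name> devices that fstab uses as swap."""
    names = set()
    for line in fstab_text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 3 and f[2] == "swap" and f[0].startswith("/dev/mapper/"):
            names.add(f[0][len("/dev/mapper/"):])
    return names

def lint_crypttab(crypttab_text, fstab_text=""):
    """Return {mapping name: [findings]} for every mapping used as swap."""
    from_fstab = swap_mappings(fstab_text)
    report = {}
    for line in crypttab_text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) < 2:
            continue
        name, dev = f[0], f[1]
        key = f[2] if len(f) > 2 else "none"
        opts = f[3].split(",") if len(f) > 3 else []
        if "swap" not in opts and name not in from_fstab:
            continue  # not a swap mapping
        out = []
        if key in RANDOM_KEYS:  # plain dm-crypt, re-keyed on every boot
            if dev.startswith("UUID="):
                out.append("UUID= on a re-keyed plain volume: no stable UUID exists")
            elif re.fullmatch(r"/dev/(sd|hd|vd)[a-z]+\d+", dev):
                out.append("kernel device name is not stable across boots")
        else:  # LUKS header or keyfile: the same key is used after a reboot
            out.append("persistent key: swap contents survive a reboot")
            if key in ("none", "-"):
                out.append("passphrase needed to unlock swap at boot")
        report[name] = out
    return report

if __name__ == "__main__":
    print(lint_crypttab(CRYPTTAB, FSTAB))
```

An empty finding list, as for `cswap2`, means the entry uses a throwaway key and a by-id device path.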
