DM-Crypt Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.6.4
Date: Sat, 1 Mar 2014 14:50:41 +0100	[thread overview]
Message-ID: <20140301135041.GC395@tansi.org> (raw)
In-Reply-To: <efa6ae0d61d5c8191398549351e4a882.squirrel@ssl.verfeiert.org>

Well, yes. But anybody careful or having read and understood
the warnings in the FAQ will have a full backup anyays. Anybody
that runs without backup is unlikely to make one now. Doing 
backup is sort of like working safely: It is a state of mind. 
One remark is not going to make people careful that are careless.

But I will add it nonetheless.

Arno

On Sat, Mar 01, 2014 at 08:39:44 CET, Sven Eschenberg wrote:
> Another things that crossed my mind:
> 
> Currently the FAQ states in respect to the whirpool problem, to do a
> header backup prior to changing the header or using reencrypt. Wouldn't it
> be better to make this a minimum requirement and recommend a full backup
> instead? Imagine for whatever reason some portion after the payload offset
> gets damaged/overwritten, be it by mixing up numbers or because of any
> unobvious bug somewhere.
> 
> Regards
> 
> -Sven
> 
> 
> On Sat, March 1, 2014 00:27, Arno Wagner wrote:
> > On Fri, Feb 28, 2014 at 23:06:30 CET, Sven Eschenberg wrote:
> >> On Fri, February 28, 2014 22:46, Arno Wagner wrote:
> >> > On Fri, Feb 28, 2014 at 22:26:03 CET, Sven Eschenberg wrote:
> >> >> Just out of curiosity,
> >> >>
> >> >> Isn't it possible (yet) to override header fields during luksopen? If
> >> >> not,
> >> >> wouldn't it make sense to add something like that in future versions?
> >> I
> >> >> think it could be of great help when the header is partly damaged, to
> >> be
> >> >> able to override things without using a hex editor.
> >> >
> >> > I doubt this makes much sense. From what I have seen,
> >> > usually the magic string at the start is gone as well,
> >> > and then there is a real risk that people try this with
> >> > the wrong data. Using a hex-editor is not that hard and
> >> > using a hex-dumper is basically required to get any
> >> > reasonable form of diagnostics. Even the keyslot-
> >> > checker is basically a specialized hexdump tool.
> >>
> >> Okay, that's true. I personally do use a hexeditor too, I have to admit,
> >> just thought it could help less experienced people. Then again, if
> >> people
> >> fail to use a hex editor chances are big they make things worse. I guess
> >> I
> >> didn't think this through long enough.
> >
> > I have a _lot_ of experience with students, some not so bright
> > or experienced ;-)
> >
> >> >> I am aware that one could use the non-LUKS mode to open a LUKS device
> >> by
> >> >> passing all required parameters, admitted. But a mode where one can
> >> use
> >> >> what's in the header and override single fields could be interesting.
> >> >> Once
> >> >> the correct params are determinde this way, one could maybe add an
> >> >> option
> >> >> to repair the header with the given replacements (Maybe by adding the
> >> >> option to reencryt?).
> >> >>
> >> >> Just some thoughts that crossed my mind.
> >> >
> >> > I doubt this really helps. Also remember that finding out what
> >> > actually broke the header is important, so fiddeling around
> >> > with an opaque header and commandline arguments to cryptsetup
> >> > after you have analyzed a hexdump strikes me as not that effective.
> >>
> >> That's absolutely true, indeed.
> >>
> >> >
> >> > I do understand that hex-editing is akward for many people,
> >> > but I do not think this makes it any better or clearer.
> >> > One thing that would help a bit is a header layout with
> >> > hex offsets. I think I am going to add that to the FAQ.
> >>
> >> Good point, I'd propose adding this to the luks on disk format document
> >> as
> >> well. If you cannot convert HEX<->DEC inside your head having the hex
> >> offsets at disposal helps alot. I admit, I used a converter when I
> >> edited
> >> my headers lately.
> >
> > Me too. For the time being, there now is a nice hex + dec table
> > in FAQ Item 6.12
> >
> > Arno
> > --
> > Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
> > GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D
> > 9718
> > ----
> > A good decision is based on knowledge and not on numbers. -  Plato
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> 
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato

  parent reply	other threads:[~2014-03-01 13:50 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-27 14:39 [dm-crypt] [ANNOUNCE] cryptsetup 1.6.4 Milan Broz
2014-02-27 17:30 ` Thomas Bächler
2014-02-28  7:51   ` Milan Broz
2014-02-28 11:29   ` Milan Broz
2014-02-28 11:38     ` Arno Wagner
2014-02-28 21:26     ` Sven Eschenberg
2014-02-28 21:46       ` Arno Wagner
2014-02-28 22:06         ` Sven Eschenberg
2014-02-28 23:27           ` Arno Wagner
2014-03-01  7:39             ` Sven Eschenberg
2014-03-01  8:35               ` Milan Broz
2014-03-01 11:32                 ` Sven Eschenberg
2014-03-01 16:50                 ` Heinz Diehl
2014-03-01 19:44                   ` Arno Wagner
2014-03-02  7:35                     ` Heinz Diehl
2014-03-02 15:17                       ` Arno Wagner
2014-03-01 13:50               ` Arno Wagner [this message]
2014-02-27 21:44 ` Heinz Diehl
2014-02-27 22:36   ` Arno Wagner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140301135041.GC395@tansi.org \
    --to=arno@wagner.name \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox