From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mbroz@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
	by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Fri, 26 Mar 2010 09:58:55 +0100 (CET)
Message-ID: <4BAC774B.5060802@redhat.com>
Date: Fri, 26 Mar 2010 09:58:51 +0100
From: Milan Broz <mbroz@redhat.com>
MIME-Version: 1.0
References: <8a87818a1003251638m5f6fbf85v23545f5acad506e4@mail.gmail.com>
In-Reply-To: <8a87818a1003251638m5f6fbf85v23545f5acad506e4@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] cryptesetup remove question
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Jamaal Speights <jamaal.speights@gmail.com>
Cc: dm-crypt@saout.de

On 03/26/2010 12:38 AM, Jamaal Speights wrote:
> I am curious about the cryptsetup remove function and its purpose after
> rebooting a system.  Is my system still vulnerable to someone else
> mounting my encrypted file if I don't remove the mapping before I
> reboot?  When my system comes back up I don't see the mapping in
> /dev/mapping/cryptfile  .  Also if I do cryptsetup to mount the image
> again I have to re-enter the password.  So whats the point of using
> cryptsetup remove when shutting your system down?

Remove key from memory? (google coldboot attack)

Deactivate crypt mapping so underlying storage can safely deactivate
devices (LVM for example)?

Umount underlying filesystem if mappping is to file on it?

...

Milan