eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-06 08:20:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

synchronized to web version

Browse Source 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@669 36d66b0a-2a48-0410-832c-cd162a569da5
This commit is contained in:
Arno Wagner
2011-11-01 04:48:34 +00:00
parent ef078587cc
commit 4aee070173
1 changed files with 30 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
FAQ
View File

@@ -29,21 +29,39 @@ A. Contributors
ATTENTION: If you are going to read just one thing, make it the ATTENTION: If you are going to read just one thing, make it the
section on Backup and Data Recovery. By far the most questions on section on Backup and Data Recovery. By far the most questions on
the cryptsetup mailing list are from people that just managed to the cryptsetup mailing list are from people that managed to damage
somehow format or overwrite the start of their LUKS partitions. In the start of their LUKS partitions, i.e. the LUKS header. In
most cases, there is nothing that can be done to help these poor most cases, there is nothing that can be done to help these poor
souls recover their data. Make sure you understand the problem and souls recover their data. Make sure you understand the problem and
limitations imposed by the LUKS security model BEFORE you face such limitations imposed by the LUKS security model BEFORE you face
a disaster! such a disaster! In particular, make sure you have a current header
backup before doing any potentially dangerous operations.
PASSPHRASES: Some people have had difficulties when upgrading DISTRIBUTION INSTALLERS: Some distribution installers offer to
distributions. It is highly advisable to only use the 94 printable create LUKS containers in a way that can be mistaken as activation
characters from the first 128 characters of the ASCII table, as of an existing container. Creating a new LUKS container on top of
they will always have the same binary representation. Other an existing one leads to permanent, complete and irreversible data
characters may have different encoding depending on system loss. It is strongly recommended to only use distribution
configuration and your passphrase will not work with a different installers after a complete backup of all LUKS containers has been
encoding. A table of the standardized first 128 ASCII caracters made.
can, e.g. be found on http://en.wikipedia.org/wiki/ASCII
LUKS PASSPHRASE IS NOT THE MASTER KEY: The LUKS passphrase is not
used in deriving the master key. It is used in decrypting a master
key that is randomly selected on header creation. This means that
if you create a new LUKS header on top of an old one with
exactly the same parameters and exactly the same passphrase as the
old one, it will still have a different master key and your data
will be permanently lost.
PASSPHRASE CHARACTER SET: Some people have had difficulties with
this when upgrading distributions. It is highly advisable to only
use the 94 printable characters from the first 128 characters of
the ASCII table, as they will always have the same binary
representation. Other characters may have different encoding
depending on system configuration and your passphrase will not
work with a different encoding. A table of the standardized first
128 ASCII caracters can, e.g. be found on
http://en.wikipedia.org/wiki/ASCII
* System Specific warnings * System Specific warnings