Fixed some typos.

The large text block happened due to reformat. It's just addition
of "the" in front of problem, i.e. "If this is _the_ problem, ..."
Tobias Stoeckmann
2020-08-16 11:40:36 +02:00
committed by Milan Broz
parent e75f5de2ed
commit 63a5bd5ef6

FAQ

@@ -191,7 +191,7 @@ A. Contributors
* 1.7 Is there a mailing-list? * 1.7 Is there a mailing-list?
Instructions on how to subscribe to the mailing-list are at on the Instructions on how to subscribe to the mailing-list are on the
project website. People are generally helpful and friendly on the project website. People are generally helpful and friendly on the
list. list.
@@ -241,7 +241,7 @@ A. Contributors
* 2.1 LUKS Container Setup mini-HOWTO * 2.1 LUKS Container Setup mini-HOWTO
This item tries to give you a very brief list of all the steps you This item tries to give you a very brief list of all the steps you
should go though when creating a new LUKS encrypted container, i.e. should go through when creating a new LUKS encrypted container, i.e.
encrypted disk, partition or loop-file. encrypted disk, partition or loop-file.
01) All data will be lost, if there is data on the target, make a 01) All data will be lost, if there is data on the target, make a
@@ -343,7 +343,7 @@ A. Contributors
See Section 6 for details. See Section 6 for details.
Done. You can now use the encrypted file system to store data. Be sure Done. You can now use the encrypted file system to store data. Be sure
to read though the rest of the FAQ, these are just the very basics. In to read through the rest of the FAQ, these are just the very basics. In
particular, there are a number of mistakes that are easy to make, but particular, there are a number of mistakes that are easy to make, but
will compromise your security. will compromise your security.
@@ -821,7 +821,7 @@ A. Contributors
Remove the mapping at the end and you are done. Remove the mapping at the end and you are done.
* 2.20 How to I wipe only the LUKS header? * 2.20 How do I wipe only the LUKS header?
This does _not_ describe an emergency wipe procedure, see Item 5.4 for This does _not_ describe an emergency wipe procedure, see Item 5.4 for
that. This procedure here is intended to be used when the data should that. This procedure here is intended to be used when the data should
@@ -911,10 +911,10 @@ A. Contributors
much longer. Also take into account that up to 8 key-slots (LUKS2: up much longer. Also take into account that up to 8 key-slots (LUKS2: up
to 32 key-slots) have to be tried in order to find the right one. to 32 key-slots) have to be tried in order to find the right one.
If this is problem, you can add another key-slot using the slow machine If this is the problem, you can add another key-slot using the slow
with the same passphrase and then remove the old key-slot. The new machine with the same passphrase and then remove the old key-slot. The
key-slot will have the unlock time adjusted to the slow machine. Use new key-slot will have the unlock time adjusted to the slow machine.
luksKeyAdd and then luksKillSlot or luksRemoveKey. You can also use Use luksKeyAdd and then luksKillSlot or luksRemoveKey. You can also use
the -i option to reduce iteration time (and security level) when setting the -i option to reduce iteration time (and security level) when setting
a passphrase. Default is 1000 (1 sec) for LUKS1 and 2000 (2sec) for a passphrase. Default is 1000 (1 sec) for LUKS1 and 2000 (2sec) for
LUKS2. LUKS2.
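Review bot: The reflowed paragraph still says "luksKeyAdd" in "Use luksKeyAdd and then luksKillSlot or luksRemoveKey"; the cryptsetup action is named luksAddKey, so a reader who copies the name from the FAQ will not find it. Since this paragraph is being rewritten anyway, correct the action name in the same change, and normalize "(2sec)" to "(2 sec)" so it matches "(1 sec)" on the same line.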
@@ -991,7 +991,7 @@ A. Contributors
LUKS and dm-crypt can give the RAM quite a workout, especially when LUKS and dm-crypt can give the RAM quite a workout, especially when
combined with software RAID. In particular the combination RAID5 + combined with software RAID. In particular the combination RAID5 +
LUKS1 + XFS seems to uncover RAM problems that do not cause obvious LUKS1 + XFS seems to uncover RAM problems that do not cause obvious
problems otherwise. Symptoms vary, but often the problem manifest problems otherwise. Symptoms vary, but often the problem manifests
itself when copying large amounts of data, typically several times itself when copying large amounts of data, typically several times
larger than your main memory. larger than your main memory.
@@ -1085,7 +1085,7 @@ A. Contributors
5. Security Aspects 5. Security Aspects
* 5.1 How long is a secure passphrase ? * 5.1 How long is a secure passphrase?
This is just the short answer. For more info and explanation of some of This is just the short answer. For more info and explanation of some of
the terms used in this item, read the rest of Section 5. The actual the terms used in this item, read the rest of Section 5. The actual
@@ -1124,7 +1124,7 @@ A. Contributors
i.e. I estimated the attack to be too easy. Nobody noticed ;-) On the i.e. I estimated the attack to be too easy. Nobody noticed ;-) On the
plus side, the tables are now (2017) pretty much accurate. plus side, the tables are now (2017) pretty much accurate.
More references can be found a the end of this document. Note that More references can be found at the end of this document. Note that
these are estimates from the defender side, so assuming something is these are estimates from the defender side, so assuming something is
easier than it actually is is fine. An attacker may still have easier than it actually is is fine. An attacker may still have
significantly higher cost than estimated here. significantly higher cost than estimated here.
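Review bot: In the context lines of this hunk, "easier than it actually is is fine" reads like a duplicated word, the same class of slip as the "attacks attacks" this commit fixes further down. The sentence is grammatical, but a comma ("easier than it actually is, is fine") or a small rephrase would stop it from being "corrected" wrongly in a later typo pass.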
@@ -1215,7 +1215,7 @@ A. Contributors
already lock you up. Hidden containers (encryption hidden within already lock you up. Hidden containers (encryption hidden within
encryption), as possible with Truecrypt, do not help either. They will encryption), as possible with Truecrypt, do not help either. They will
just assume the hidden container is there and unless you hand over the just assume the hidden container is there and unless you hand over the
key, you will stay locked up. Don't have a hidden container? Though key, you will stay locked up. Don't have a hidden container? Tough
luck. Anybody could claim that. luck. Anybody could claim that.
Still, if you are concerned about the LUKS header, use plain dm-crypt Still, if you are concerned about the LUKS header, use plain dm-crypt
@@ -1295,7 +1295,7 @@ A. Contributors
medium. medium.
If your backup is on magnetic tape, I advise physical destruction by If your backup is on magnetic tape, I advise physical destruction by
shredding or burning, after (!) overwriting . The problem with magnetic shredding or burning, after (!) overwriting. The problem with magnetic
tape is that it has a higher dynamic range than HDDs and older data may tape is that it has a higher dynamic range than HDDs and older data may
well be recoverable after overwrites. Also write-head alignment issues well be recoverable after overwrites. Also write-head alignment issues
can lead to data not actually being deleted during overwrites. can lead to data not actually being deleted during overwrites.
@@ -1848,7 +1848,7 @@ A. Contributors
document. It does require advanced skills in this age of pervasive document. It does require advanced skills in this age of pervasive
surveillance.) surveillance.)
Hence, LUKS has not kill option because it would do much more harm than Hence, LUKS has no kill option because it would do much more harm than
good. good.
Still, if you have a good use-case (i.e. non-abstract real-world Still, if you have a good use-case (i.e. non-abstract real-world
@@ -1918,7 +1918,7 @@ A. Contributors
cryptsetup --header <file> luksOpen <device> </dev/mapper/name> cryptsetup --header <file> luksOpen <device> </dev/mapper/name>
If that unlocks your keys-lot, you are good. Do not forget to close If that unlocks your key-slot, you are good. Do not forget to close
the device again. the device again.
Under some circumstances (damaged header), this fails. Then use the Under some circumstances (damaged header), this fails. Then use the
@@ -2781,7 +2781,7 @@ offset length name data type description
Mostly not. The header has changed in its structure, but the Mostly not. The header has changed in its structure, but the
crytpgraphy is the same. The one exception is that PBKDF2 has been crytpgraphy is the same. The one exception is that PBKDF2 has been
replaced by Argon2 to give better resilience against attacks attacks by replaced by Argon2 to give better resilience against attacks by
graphics cards and other hardware with lots of computing power but graphics cards and other hardware with lots of computing power but
limited local memory per computing element. limited local memory per computing element.
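Review bot: "crytpgraphy" on the second line of this hunk is still misspelled on both sides of the diff and should read "cryptography". It sits directly above the "attacks attacks" fix, so it belongs in this typo pass rather than a follow-up commit.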
@@ -2865,7 +2865,7 @@ offset length name data type description
second/slot unlock time, LUKS2 adjusts the memory parameter down if second/slot unlock time, LUKS2 adjusts the memory parameter down if
needed. In the other direction, it will respect available memory and not needed. In the other direction, it will respect available memory and not
exceed it. On a current PC, the memory parameter will be somewhere around exceed it. On a current PC, the memory parameter will be somewhere around
1GB, which should quite generous. The minimum I was able to set in an 1GB, which should be quite generous. The minimum I was able to set in an
experiment with "-i 1" was 400kB of memory and that is too low to be experiment with "-i 1" was 400kB of memory and that is too low to be
secure. A Raspberry Pi would probably end up somewhere around 50MB (have secure. A Raspberry Pi would probably end up somewhere around 50MB (have
not tried it) and that should still be plenty. not tried it) and that should still be plenty.