On Mon, 28 May 2007, Unweitze Enweister wrote:
Cryptsetup-luks is easier to implement and maintain, but it does reveal the algorithm to the adversary at the outset to anyone who examines the disk with a luks dump command.
With dm-crypt properly set up, that should NOT be a problem, remember: "[...] if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world's best safecrackers can study the locking mechanism--and you still can't open the safe and read the letter, that's security." - Bruce Schneier C. -- BOFH excuse #197: I'm sorry a pentium won't do, you need an SGI to connect with us. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/