From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from tansi.org (ns.km10532-04.keymachine.de [87.118.102.195]) by mail.saout.de (Postfix) with ESMTP for ; Sun, 20 Jun 2010 21:54:53 +0200 (CEST) Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch [84.74.164.239]) by tansi.org (Postfix) with ESMTPA id 2C5252128007 for ; Sun, 20 Jun 2010 21:54:53 +0200 (CEST) Date: Sun, 20 Jun 2010 21:54:52 +0200 From: Arno Wagner Message-ID: <20100620195452.GB14850@tansi.org> References: <20100619172056.EB09B655213@c-in3ws--03-02.sv2.lotusliveops.com> <4C1D3B8C.9030803@redhat.com> <20100619221307.GA29101@tansi.org> <1276986375.16395.22.camel@fermat.scientia.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <1276986375.16395.22.camel@fermat.scientia.net> Subject: Re: [dm-crypt] Bug in cryptsetup? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi Chris I think adding a trace to each FAQ article is overkill. I also do not expect to put a lot into the version specific=20 section.=20 While the FAQ should be correct, current, etc. it is=20 significantly better to have one that is actually there than=20 one that is overengineered enought that it never gets written. I also think that I do a pretty good job of checking what I=20 put in there without being one of the developers... As to the security questions you raidse, you are welcome to contribute the relevant articles to the FAQ, just send them=20 to me or to wait until I find the time to add them. Could=20 take a while thogh. Arno On Sun, Jun 20, 2010 at 12:26:15AM +0200, Christoph Anton Mitterer wrote: > Hi Arno. >=20 > Nice to see that you've used a separate section for legacy stuff in the > FAQ :) >=20 > I guess for something like crpytsetup (with its active development and > changes to crypto theory) it's important for a FAQ that it's really > always up to date and double checked for correctness by the developers. >=20 > Therefore, may I suggest to add information to each FAQ point for/during > which version of cryptsetup it was created? > Of course this would required to check all entries again when a new > version comes out (whether they still are correct) and update the > version info. >=20 >=20 > btw: May I suggest to add the questions I put up here some weeks ago ... > about which is the "securest" algo, keysizes when using XTS, > essiv/benbi/plain when using XTS, how the masterkey is generated > using /dev/urandom (at least currently) and that one should not manually > use /dev/random as Milan said, etc. >=20 > It may also be nice to add that LRW is insecure, at least this is the > case AFAIK, and that therefore XFS was created. >=20 >=20 > Cheers, > Chris. > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt --=20 Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.nam= e=20 GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of=20 "news" is "something that hardly ever happens." -- Bruce Schneier=20