From 5b5c6dccc040e0d3a7b9a2612696b0b85d64829c Mon Sep 17 00:00:00 2001 From: Arno Wagner Date: Fri, 24 Aug 2012 19:00:47 +0200 Subject: [PATCH] added prominent note to use LUKS (not plain dm-crypt) unless understanding the crypto well. --- man/cryptsetup.8 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 8a564ce..84fdffc 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -10,6 +10,12 @@ device-mapper mappings. These include plain dm-crypt volumes and LUKS volumes. The difference is that LUKS uses a metadata header and can hence offer more features than plain dm-crypt. On the other hand, the header is visible and vulnerable to damage. +.SH PLAIN DM-CRYPT OR LUKS? +.PP +Unless you understand the cryptographic background well, use LUKS. +With plain dm-crypt there are a number of possible user errors +that massively decrease security. While LUKS cannot fix them +all, it can lessen the impact for many of them. .SH WARNINGS .PP A lot of good information on the risks of using encrypted storage, -- 2.7.4
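Review bot: The new PLAIN DM-CRYPT OR LUKS? section asserts that "there are a number of possible user errors that massively decrease security" but names none of them and points the reader nowhere, so someone who does not already know the cryptographic background cannot tell what to avoid or why LUKS helps. Consider naming one or two concrete errors in the added paragraph, or referring explicitly to the WARNINGS section that follows it. The final sentence, "While LUKS cannot fix them all, it can lessen the impact for many of them", would also be stronger if it tied back to the preceding context line about the LUKS metadata header, stating which header-based features provide the mitigation. Because that same context paragraph ends by calling the header "visible and vulnerable to damage", the recommendation to use LUKS should acknowledge that trade-off in a clause, so the two adjacent paragraphs do not read as contradicting each other.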