added prominent note to use LUKS (not plain dm-crypt) unless

author Arno Wagner <wagner.arno@gmail.com>

Fri, 24 Aug 2012 17:00:47 +0000 (19:00 +0200)

committer Arno Wagner <wagner.arno@gmail.com>

Fri, 24 Aug 2012 17:00:47 +0000 (19:00 +0200)
author Arno Wagner <wagner.arno@gmail.com>
Fri, 24 Aug 2012 17:00:47 +0000 (19:00 +0200)
committer Arno Wagner <wagner.arno@gmail.com>
Fri, 24 Aug 2012 17:00:47 +0000 (19:00 +0200)
diff --git a/man/cryptsetup.8 b/man/cryptsetup.8

index 8a564ce..84fdffc 100644 (file)
--- a/man/cryptsetup.8
+++ b/man/cryptsetup.8
@@ -10,6 +10,12 @@ device-mapper mappings. These include plain dm-crypt volumes and
  LUKS volumes. The difference is that LUKS uses a metadata header
  and can hence offer more features than plain dm-crypt. On the other 
  hand, the header is visible and vulnerable to damage.
+.SH PLAIN DM-CRYPT OR LUKS?
+.PP
+Unless you understand the cryptographic background well, use LUKS.
+With plain dm-crypt there are a number of possible user errors
+that massively decrease security. While LUKS cannot fix them
+all, it can lessen the impact for many of them.
  .SH WARNINGS
  .PP 
  A lot of good information on the risks of using encrypted storage,
author	Arno Wagner <wagner.arno@gmail.com>
	Fri, 24 Aug 2012 17:00:47 +0000 (19:00 +0200)
committer	Arno Wagner <wagner.arno@gmail.com>
	Fri, 24 Aug 2012 17:00:47 +0000 (19:00 +0200)