From: Arno Wagner <wagner.arno@gmail.com>
Date: Fri, 24 Aug 2012 17:00:47 +0000 (+0200)
Subject: added prominent note to use LUKS (not plain dm-crypt) unless
X-Git-Tag: upstream/1.6~186
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fupstream%2Fcryptsetup.git;a=commitdiff_plain;h=5b5c6dccc040e0d3a7b9a2612696b0b85d64829c

added prominent note to use LUKS (not plain dm-crypt) unless
understanding the crypto well.
---

diff --git a/man/cryptsetup.8 b/man/cryptsetup.8
index 8a564ce..84fdffc 100644
--- a/man/cryptsetup.8
+++ b/man/cryptsetup.8
@@ -10,6 +10,12 @@ device-mapper mappings. These include plain dm-crypt volumes and
 LUKS volumes. The difference is that LUKS uses a metadata header
 and can hence offer more features than plain dm-crypt. On the other 
 hand, the header is visible and vulnerable to damage.
+.SH PLAIN DM-CRYPT OR LUKS?
+.PP
+Unless you understand the cryptographic background well, use LUKS.
+With plain dm-crypt there are a number of possible user errors
+that massively decrease security. While LUKS cannot fix them
+all, it can lessen the impact for many of them.
 .SH WARNINGS
 .PP 
 A lot of good information on the risks of using encrypted storage,