[linux-lvm] LVM and Truecrypt

Gordon Fogus gordon.fogus at gmail.com
Thu May 7 16:38:53 UTC 2009


Gaute Lund: "I might add: You're aware that block-level/disk-level encryption
offers only protection against someone stealing your box/disks, or otherwise
compromising it physically?"

I am not concerned with physical security of the machine while it is running
nor with using encryption to protect myself against remote attacks.
Excellent point though.

Sven Eschenberg: "Concerning encryption, I was asking, because if you use
linux as OS on your NAS and linux solely, you could use dmcrypt (which is
used by truecrypt on linux too, if available) which gives you more options
on encryption etc. (Choose any cipher from the kernel crypto api, luks key
management ...). This is usually integrated far better into distributions,
than truecrypt."

Wow, Linux has built-in crypto.  Windows has... :(  I will check this out.
I guess this means I need to get used to typing into the command box to do
everything.  I am using a 6TB RAID5 currently (5TB usable).  I find it
unbearably slow compared to my 4TB RAID0+1 (2TB usable).

Sven Eschenberg: "In case you want to avoid the luks header (since it
indicates some info on the crypted volume, offers multiple key slots etc.)
you can still revert to non-luks mode with dm-crypt and still enjoy all the
ciphers from the kernel (and modes of operation)."

Yes, I would definitely prefer not to have a header that says: "Secrets lurk
beyond".

Sven Eschenberg: "Concerning truecrypt: Truecrypt always uses XTS afaik, you
certainly would not want to encrypt a 10 TB volume with that.
(http://en.wikipedia.org/wiki/XTS#XTS)"

Ohhhh bother!  You sound like you know crypto better than I.  What mode of
operation do you recommend?  Is there a distro you would recommend for
crypto above others?  I was thinking of using Ubuntu because it has such a
large support base.

Sorry, I didn't look at your address.  I was in Frankfurt a few years ago.
Have you been to CCC ever?

Gordon


On Thu, May 7, 2009 at 12:39 AM, Gaute Lund <gaute at idrift.no> wrote:

> Gordon Fogus wrote Thursday, May 07, 2009 4:20 AM
>
> > On the other hand, if you were asking, "Why use encryption?", then you might be
> > interested in Sans news bites: http://www.sans.org/newsletters/newsbites/.
> > Sans covers many data leaks.
>
> I might add: You're aware that block-level/disk-level encryption offers only
> protection against someone stealing your box/disks, or otherwise compromising
> it physically?
>
> Remote "attacks" will be just as effective against a box with
> truecrypt/dm-crypt!
>
> -gaute

