[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [linux-lvm] LVM and Truecrypt



Gaute Lund: "I might add: You're aware that block-level/disk-level encryption offers only
protection against someone stealing your box/disks, or otherwise compromise
it physically?"

I am not concerned with physical security of the machine while it is running nor with using encryption to protect myself against remote attacks.  Excellent point though.

Sven Eschenberg: "Concerning encryption, I was asking, because if you use linux as OS on your NAS and linux solely, you could use dmcrypt (which is used by truecrypt on linux too, if available) which gives you more options on encryption etc. (Choose any cipher from the kernel crypto api, luks key managment ...). This is usually integrated far better into distributions, than truecrypt."

Wow, Linux has built in crypto.  Windows has... :(  I will check this out.  I guess this means I need to get used to typing into the command box to do everything.  I am using a 6TB RAID5 currently (5TB usable).  I find it unbearably slow compared to my 4TB RAID0+1 (2TB usable).

Sven Eschenberg: "In case you want to avoid the luks header (since it indicates some info on the crypted volume, offers multiple key slots etc.) you can still revert to non-luks mode with dm-crypt and still enjoy all the ciphers from the kernel (and modes of operation)."

Yes, I would definitely prefer not to have a header that says: "Secrets lurk beyond".

Sven Eschenberg: "Concerning truecrypt: Truecrypt always uses XTS afaik, you certainly would not want to encrypt a 10 TB volume with that.
(http://en.wikipedia.org/wiki/XTS#XTS)"

Ohhhh bother!  You sound like you know crypto better than I.  What mode of operation do you recommend?  Is there a distro you would recommend for crypto above others?  I was thinking of using Ubuntu because it has such a large support base.

Sorry, I didn't look at your address.  I was in Frankfurt a few years ago.  Have you been to CCC ever?

Gordon


On Thu, May 7, 2009 at 12:39 AM, Gaute Lund <gaute idrift no> wrote:
Gordon Fogus wrote Thursday, May 07, 2009 4:20 AM

> On the other hand, if you were asking, "Why use encryption?", then you
might be
> interested in Sans news bites:
http://www.sans.org/newsletters/newsbites/
> Sans covers many data leaks.

I might add: You're aware that block-level/disk-level encryption offers only
protection against someone stealing your box/disks, or otherwise compromise
it physically?

Remote "attacks" will be just as effective against a box with
truecrypt/dm-crypt!

-gaute


_______________________________________________
linux-lvm mailing list
linux-lvm redhat com
https://www.redhat.com/mailman/listinfo/linux-lvm
read the LVM HOW-TO at http://tldp.org/HOWTO/LVM-HOWTO/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]