This One Time, at Band Camp, Mick <michaelkintzios@×××××.com> said, On Tue, Mar 25, 2008 at 05:23:00PM +0000:
> > That's why I have my entire installation over a DM-CRYPT ( LUKS
> > encrypted partition... ), including swaps and storage ( LVM over
> > DM-CRYPT actually), this way even if someone had a physical access to
> > my laptop, both GRUB and LiveCD approach would be useless...

> I've thought about going for this . . . and then backpedaled once more. Every
> time I had a fs problem I have managed to recover to this date without much
> trouble. Vanilla primary and extended partitions seem to be straightforward
> to access with any LiveCD. To be honest even when I had to frig about with
> LVM I managed to recover without loss of data (more out of luck than skill I
> suspect). The thought however, that I may lose my private key (never say
> never), or lose a drive and need to access my data pronto from a backup
> makes me somewhat nervous. Should I be more brave than this?
Well it depends... First of all you should know that almost every LiveCD
now includes a cryptsetup/lvm implementation, Gentoo does, Ubuntu does
(not as is though, you should apt-get cryptsetup, AFAIK lvm is already
installed), so recovering data would not be that hard if you can open
the partition... As for losing the key, that's easy too, here's what
I do: I create a small file from /dev/urandom and I use it as pass key
SLOT, and store it somewhere safe, so if and when I forget all of the
passwords I have, I use this key, it is safe.

Anyway as I said above it actually depends, using dm-crypt will lower
the performance of your machine which actually makes sense since the
data are encrypted before they are written to the disk (AFAIK I'm not
really sure how it handles I/O operations, but I'm sure that writing a
huge file to your HDD will result in a lot of CPU usage of the process
'kcryptd'), but using dm-crypt is very very secure, I use it because
my laptop is with me every day when I go to the university so I need
this kind of security... On the other hand if you don't need
encryption, maybe you should stick with LVM... (LVM is a must, check out
my partitions below, I love it...)

--------- CUT
# lvdisplay -C
  LV              VG     Attr   LSize   Origin Snap%  Move Log Copy%  Convert
  gentoo-opt      system -wi-ao   1.00G
  gentoo-overlays system -wi-ao   1.00G
  gentoo-root     system -wi-ao 500.00M
  gentoo-usr      system -wi-ao   5.00G
  gentoo-var      system -wi-ao 500.00M
  home            system -wi-ao  15.00G
  storage         system -wi-ao  50.66G
  suspend-swap    system -wi-a-   1.00G
  swap            system -wi-ao   2.00G
  tmp             system -wi-ao 500.00M
  ubuntu-opt      system -wi-ao   1.00G
  ubuntu-root     system -wi-ao 500.00M
  ubuntu-usr      system -wi-ao   3.50G
  ubuntu-var      system -wi-ao 500.00M
  var-tmp         system -wi-ao 100.00M
--------- CUT

Regards,

--
Wael Nasreddine
http://wael.nasreddine.com
PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2

/ö\
/ö\ When Chuck Norris wants an egg, he cracks open a chicken.
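
Added example (not part of the original message, and not any project's own code): one way to script the backup key file described in the reply above, a file of random bytes from /dev/urandom enrolled in a spare LUKS key slot and then checked. The function names, the 4096-byte default and the DEVICE/KEYFILE arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# DEVICE and KEYFILE are placeholders supplied by the caller.

# make_keyfile PATH [BYTES]
# Write BYTES (default 4096, an assumed size) of /dev/urandom output to PATH,
# readable by the owner only. Refuses to overwrite: replacing a key file that
# is already enrolled would leave you with a file that no longer opens its slot.
make_keyfile() {
    kf_path=$1
    kf_bytes=${2:-4096}
    if [ -e "$kf_path" ]; then
        echo "refusing to overwrite $kf_path" >&2
        return 1
    fi
    # umask is set in a subshell so the file is never group/world-readable.
    ( umask 077 && head -c "$kf_bytes" /dev/urandom > "$kf_path" ) || return 1
    chmod 400 "$kf_path"
}

# add_backup_key DEVICE KEYFILE
# Enrol KEYFILE in a free key slot of the LUKS volume on DEVICE and verify it.
add_backup_key() {
    bk_dev=$1
    bk_key=$2
    cryptsetup isLuks "$bk_dev" || { echo "$bk_dev: not a LUKS device" >&2; return 1; }
    # Asks for an existing passphrase, then stores the key file in a free slot.
    cryptsetup luksAddKey "$bk_dev" "$bk_key" || return 1
    # Check that the key file alone unlocks the header; nothing gets mapped.
    cryptsetup open --type luks --test-passphrase --key-file "$bk_key" "$bk_dev" || return 1
    # Show which key slots are now in use.
    cryptsetup luksDump "$bk_dev" | grep -i 'slot'
}

# Usage (as root): sh luks-backup-key.sh DEVICE KEYFILE
if [ "$#" -eq 2 ]; then
    make_keyfile "$2" && add_backup_key "$1" "$2"
fi
```

The key file opens the volume without any passphrase, so it has to be stored away from the laptop it protects.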