| 1 |
This One Time, at Band Camp, Mick <michaelkintzios@×××××.com> said, On Tue, Mar 25, 2008 at 05:23:00PM +0000: |
| 2 |
> > That's why I have my entire installation over a DM-CRYPT ( LUKS |
| 3 |
> > encrypted partition... ), including swaps and storage ( LVM over |
| 4 |
> > DM-CRYPT actually), this way even if someone had a physical access to |
| 5 |
> > my laptop, both GRUB and LiveCD approach would be useless... |
| 6 |
|
| 7 |
> I've thought about going for this . . . and then backpedaled once more. Every |
| 8 |
> time I had a fs problem I have managed to recover to this date without much |
| 9 |
> trouble. Vanilla primary and extended partitions seem to be straight forward |
| 10 |
> to access with any LiveCD. To be honest even when I had to frig about with |
| 11 |
> LVM I managed to recover without loss of data (more out of luck than skill I |
| 12 |
> suspect). The thought however, that I may lose my private key (never say |
| 13 |
> never), or lose a drive and need to access my data pronto from a back up |
| 14 |
> makes me somewhat nervous. Should I be more brave that this? |
| 15 |
Well it depends... First of all you should know that almost every LiveCD |
| 16 |
now include a cryptsetup/lvm implementation, Gentoo does, Ubuntu does |
| 17 |
( not as is though you should apt-get cryptsetyp, AFAIK lvm already |
| 18 |
installed), so recovering data would not be that hard if you can open |
| 19 |
the partition... As for loosing the key, that's easy too, here's what |
| 20 |
I do: I create a small file from /dev/urandom and I use it as pass key |
| 21 |
SLOT, and store it somewhere safe, so if and when I forget all of the |
| 22 |
passwords I have, I use this key, it is safe. |
| 23 |
|
| 24 |
Anyway as I said above it actually depends, using dm-crypt will lower |
| 25 |
the performance of your machine which actually make sense since the |
| 26 |
data are encrypted before they are written to the disk (AFAIK I'm not |
| 27 |
really sure how it handles I/O operations, but I'm sure that writing a |
| 28 |
huge file to your HDD will result in a lot of CPU usage of the process |
| 29 |
'kcryptd'), but using dm-crypt is very very secure, I use it because |
| 30 |
my laptop is with me every day when I go to the university so I need |
| 31 |
this kind of security... On the other hand if you don't need |
| 32 |
encryption, maybe you should stick with LVM... (LVM is a must checkout |
| 33 |
my partitions below, I love it...) |
| 34 |
|
| 35 |
--------- CUT |
| 36 |
# lvdisplay -C |
| 37 |
LV VG Attr LSize Origin Snap% Move Log Copy% Convert |
| 38 |
gentoo-opt system -wi-ao 1.00G |
| 39 |
gentoo-overlays system -wi-ao 1.00G |
| 40 |
gentoo-root system -wi-ao 500.00M |
| 41 |
gentoo-usr system -wi-ao 5.00G |
| 42 |
gentoo-var system -wi-ao 500.00M |
| 43 |
home system -wi-ao 15.00G |
| 44 |
storage system -wi-ao 50.66G |
| 45 |
suspend-swap system -wi-a- 1.00G |
| 46 |
swap system -wi-ao 2.00G |
| 47 |
tmp system -wi-ao 500.00M |
| 48 |
ubuntu-opt system -wi-ao 1.00G |
| 49 |
ubuntu-root system -wi-ao 500.00M |
| 50 |
ubuntu-usr system -wi-ao 3.50G |
| 51 |
ubuntu-var system -wi-ao 500.00M |
| 52 |
var-tmp system -wi-ao 100.00M |
| 53 |
--------- CUT |
| 54 |
|
| 55 |
Regards, |
| 56 |
|
| 57 |
-- |
| 58 |
Wael Nasreddine |
| 59 |
http://wael.nasreddine.com |
| 60 |
PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2 |
| 61 |
|
| 62 |
/ö\ |
| 63 |
/ö\ When Chuck Norris wants an egg, he cracks open a chicken. |
Archives