Re: [dm-crypt] Questions about LUKS / LVM

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Karl O. Pinc" <kop@meme.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Questions about LUKS / LVM
Date: Mon, 19 Sep 2011 11:00:00 -0500	[thread overview]
Message-ID: <1316448000.17657.3@mofo> (raw)
In-Reply-To: <1316447158.7965.12.camel@zarniwoop> (from zoqaeski@gmail.com on Mon Sep 19 10:45:52 2011)

On 09/19/2011 10:45:52 AM, Robbie Smith wrote:

> How much of a load on the system would LUKS + LVM be?
> Is it likely to
> result in a noticeable drop in performance?

It all depends, but generally no because cpu is _so_ much faster
than disk these days.

> Does entering the key(s)
> at
> boot decrypt the whole volume, or just provide a means for the kernel
> module to decrypt and encrypt on-the-fly?

The latter.

> 
> And… how does it work? The documentation makes mention of multiple
> key-slots; but I'm a little baffled as to how different keys can be
> used
> to decrypt the same volume. It is based on symmetric cryptography,
> isn't
> it?

Yes, but the master key is encrypted by each key, separately, and 
that's what your multiple passwords decrypt.

See the tks-1 paper (iirc) referenced on the wiki for more info.

Karl <kop@meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

next prev parent reply	other threads:[~2011-09-19 16:00 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-09-19 15:45 [dm-crypt] Questions about LUKS / LVM Robbie Smith
2011-09-19 16:00 ` Karl O. Pinc [this message]
2011-09-19 16:11   ` Quentin Lefebvre
2011-09-21 17:39     ` Yves-Alexis Perez

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1316448000.17657.3@mofo \
    --to=kop@meme.com \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.