From: Arno Wagner
Date: Wed, 10 Aug 2011 19:26:15 +0200
Message-ID: <20110810172614.GA15252@tansi.org>
Subject: Re: [dm-crypt] Protection against data failure
To: dm-crypt@saout.de

On Wed, Aug 10, 2011 at 10:14:37AM +0200, Sun_Blood wrote:
> Hi DM-crypt
>
> I have done some Googling and read your FAQ (great info) but I'm still

Thanks!

> a bit confused so I hope somebody has time to answer a few questions.
>
> I have recently started using dm-crypt and LVM finally taking a leap
> in to the feature of disk handling. But now when I'm not using the
> normal old partitions system with "one disk one partition" and the
> disks themselves are getting bigger there is a lot more data that could be
> lost in an error. And with a big encrypted LVM I feel that some sort of
> backups are necessary.

Personally, I do not like LVM. I think in most situations
it complicates things without need.

> So how can I protect myself from losing all my data? My system today
> looks like this
> sdb1 -> lvm -> dm_crypt -> filesystem
> So by adding mirror raid I'm guessing that I protect myself from
> hardware failure. sd[b-c]1 -> Raid -> LVM -> dm_crypt -> filesystem.
> So far am I correct or am I missing something?

RAID1 protects you against disk failure, but you still need a backup,
just as Milan says in his answer.

> The above solution saves me from a broken disk but it can't protect me
> from myself, right (the biggest danger to a system: the user)? If I

Indeed. Or two broken disks.

> accidentally do a dd /dev/zero /dev/raid then all will be lost because
> the raid will mirror even my mistakes?

Faithfully, yes.

> Luckily I see that cryptsetup has the luksHeaderBackup function. (LVM
> also has a similar function).
> My question here is if I accidentally overwrite the first 5% of the disk
> could I with this option restore and access the 95% rest of the system
> data?

Depends on the filesystem you have in there. Or the partitioning.

> Or is this the wrong approach, maybe a CoW setup would be the solution?
> What I'm looking for is a way to protect the system from myself.
> Hardware is one way and with that I can protect myself against
> hardware failure good enough with raid and SMART disk.
> But if I accidentally overwrite the first part of the disk or some other
> important part can I protect myself from that?

Backup on several (at least 3) media sets is the only good solution.
And you are asking exactly the right questions.

> And a final question. The output from luksHeaderBackup, how sensitive
> is that information? Is it like handing somebody my password if I
> store it on a local unencrypted disk?

It is like handing somebody your disks. All is still protected.
Only potential problem is old passwords in the backup, see FAQ.

> Thanks in advance for any answers! =)

No problem.

Arno

> Martin

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking.
 -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
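
Added example, not part of the original message and not cryptsetup code: a simplified Python model of the "old passwords in the backup" caveat above, showing that a header backup taken before a passphrase change still yields the master key with the old passphrase. The XOR key wrapping, the low PBKDF2 iteration count, the sample passphrases and all function names are assumptions for illustration; real LUKS keyslots use anti-forensic splitting and a cipher.

```python
import copy
import hashlib
import hmac
import os

def _kdf(secret: bytes, salt: bytes) -> bytes:
    # Low iteration count keeps the demo fast; real headers use far more.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 1000, dklen=32)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def add_key(header: dict, mk: bytes, passphrase: str) -> int:
    """Wrap the master key under a passphrase in the next free keyslot."""
    slot = max(header["slots"], default=-1) + 1
    salt = os.urandom(16)
    header["slots"][slot] = (salt, _xor(mk, _kdf(passphrase.encode(), salt)))
    return slot

def format_header(passphrase: str):
    """Create a toy header: master-key digest plus one keyslot."""
    mk = os.urandom(32)
    salt = os.urandom(16)
    header = {"digest_salt": salt, "mk_digest": _kdf(mk, salt), "slots": {}}
    add_key(header, mk, passphrase)
    return header, mk

def unlock(header: dict, passphrase: str):
    """Try every keyslot; return the master key, or None if none matches."""
    for salt, wrapped in header["slots"].values():
        candidate = _xor(wrapped, _kdf(passphrase.encode(), salt))
        digest = _kdf(candidate, header["digest_salt"])
        if hmac.compare_digest(digest, header["mk_digest"]):
            return candidate
    return None

def passphrase_change_scenario():
    header, mk = format_header("old-pass")   # constructed sample passphrase
    backup = copy.deepcopy(header)           # stands in for luksHeaderBackup
    add_key(header, mk, "new-pass")          # like luksAddKey
    del header["slots"][0]                   # like luksKillSlot on the old slot
    return mk, header, backup

if __name__ == "__main__":
    mk, live, backup = passphrase_change_scenario()
    print("live header, old passphrase:", unlock(live, "old-pass") is not None)
    print("backup header, old passphrase:", unlock(backup, "old-pass") is not None)
    print("backup header, wrong passphrase:", unlock(backup, "guess") is not None)
```

Without a passphrase that one of its keyslots accepts, the backup gives nothing away, which is the "all is still protected" case. A backup made before a compromised passphrase was removed keeps that passphrase usable, so it should be replaced with a fresh one.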