From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tv2UESHZB3LE for ; Wed, 3 Apr 2013 06:13:22 +0200 (CEST) Received: from balrog.mandarb.com (unknown [173.160.28.137]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Wed, 3 Apr 2013 06:13:22 +0200 (CEST) Received: from omen by balrog.mandarb.com with local (Exim 4.80) (envelope-from ) id 1UNF4Y-0008JX-Ur for dm-crypt@saout.de; Tue, 02 Apr 2013 21:13:19 -0700 Date: Tue, 2 Apr 2013 21:13:18 -0700 From: Omen Wild Message-ID: <20130403041318.GA22334@mandarb.com> References: <20130401232528.GB10159@mandarb.com> <20130402003929.GA21628@tansi.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20130402003929.GA21628@tansi.org> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="UugvWAfsgieZRqgk" Subject: Re: [dm-crypt] Encrypt underlying disks after the fact? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Quoting Arno Wagner on Tue, Apr 02 02:39: > > With enought space, this should work. However if you encrypt the > underlying disks, you will have to unlock each one individually > or script something before mounting. Good point. I would probably use the same passphrase on both to make booting easier. > Integrating RAID into the filesystem like ZFS does really is not that > good an idea and this is one eaxmple why: It breaks the layering and > the filesystem has to suddenly do everything, including encryption. Not > good as it violates KISS. Sadly, the BTRFS developers are making the > same mistake... I use to totally agree with this, then I started using ZFS at work and liked it so much I'm using it a home with the (slightly) experimental ZFS on Linux. > Detached header would mean you have one more device to worry about. > I would recommend avoiding it in this scenario. True. It was a question that came up browsing the docs. I was thinking a header backup to an encrypted file stored on several CDs stored in different places would help offset that. Mostly I'm trying to figure out how to do this without completely wiping and restoring the data. > Your device is only 2TB, are you sure you want ZFS on top of that? You better believe it. Those 2TB contain all of my important data: photos, video clips, email, scripts and configuration I've been perfecting since starting with UNIX. Even though I'm using mirrored disks I have still have still set /home dataset to have 2 copies, so all of the really important data is actually on disk 4 times. Since this is only 15GB of space I feel the duplication is worth the space. Paranoid, yes. Overly paranoid, I don't think so. > Also, AFAIK, ZFS is Beta-quality on Linux and incomplete. Sort of, but it's pretty solid, and it was mature on Solaris before they started the integration so the foundation is really, really solid. > You could also do something else if it does not fit or if you > want to change thesize anyways: >=20 > 1. Make a degraded md RAID1 on a new disk. > 2. Put a LUKS container on it > 3. Put ZFS (single drive) on top of that > 4. Copy all data over > 5. Remove one disk from the SFS tool and add it to the md RAID1. You lose one of the really neat features of ZFS doing it this way, the ability to detect corruption via checksums and re-read from the other disk (which is really unlikely to have corruption in the same file). It then re-writes clean data to the previously broken mirror so you have 2 clean copies of the data again. --=20 Help fight continental drift. --UugvWAfsgieZRqgk Content-Type: application/x-pkcs7-signature Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIIQqgYJKoZIhvcNAQcCoIIQmzCCEJcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC DdwwggY0MIIEHKADAgECAgEgMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNVBAYTAklMMRYwFAYD VQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0 ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe Fw0wNzEwMjQyMTAyNTVaFw0xNzEwMjQyMTAyNTVaMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UE ChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUg U2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0 ZSBDbGllbnQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLKIVFnAEs+xny q6UzjCqgDcvQVe1dIoFnRsQPCFO+y92k8RK0Pn3MbQ2Gd+mehh9GBZ+36uUQA7Xj9AGM6wgP hEE34vKtfpAN5tJ8LcFxveDObCKrL7O5UT9WsnAZHv7OYPYSR68mdmnEnJ83M4wQgKO19b+R t8sPDAz9ptkQsntCn4GeJzg3q2SVc4QJTg/WHo7wF2ah5LMOeh8xJVSKGEmd6uPkSbj113yK Mm8vmNptRPmM1+YgmVwcdOYJOjCgFtb2sOP79jji8uhWR91xx7TpM1K3hv/wrBZwffrmmEpU euXHRs07JqCCvFh9coKF4UQZvfEg+x3/69xRCzb1AgMBAAGjggGtMIIBqTAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrlWDb+wxyrn3HfqvazHzyB3jrLsw HwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwZgYIKwYBBQUHAQEEWjBYMCcGCCsG AQUFBzABhhtodHRwOi8vb2NzcC5zdGFydHNzbC5jb20vY2EwLQYIKwYBBQUHMAKGIWh0dHA6 Ly93d3cuc3RhcnRzc2wuY29tL3Nmc2NhLmNydDBbBgNVHR8EVDBSMCegJaAjhiFodHRwOi8v d3d3LnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwJ6AloCOGIWh0dHA6Ly9jcmwuc3RhcnRzc2wu Y29tL3Nmc2NhLmNybDCBgAYDVR0gBHkwdzB1BgsrBgEEAYG1NwECATBmMC4GCCsGAQUFBwIB FiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMDQGCCsGAQUFBwIBFihodHRw Oi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUucGRmMA0GCSqGSIb3DQEBBQUAA4IC AQA6qScNyNO0FpHvaZTQacVMXH33O51KyEKSRw3IvdQxRu31YR0ZDGdSfgSoOVDVMSBSdmfQ fdDInHPzV3LO5DwUXZ+lxjv7z3PO2OkfnFkvTXPfn6dxJ5rJveDsTsCPcJ/Kp6/+qN5g+J6D /SaYcFD018B6L42r0Z4VEBy36P4tjRtF14Ex10tl5tJFVKM16qWKQHbpjIgf73s49UB0CQ5l HT2DHKfq3oPfdNc5Mk93w1v4ryVb+qVrZIej8NsrWU+5r4O2IV91edDb/OtHFddZqHFFXKgS 79IHE/hwQ2LW7r3sTX7cDUCg+dfdwO8zeLxuwk2JF8crUoyrl66RGrRIhT8VoG/OJ1Y9uUlO av69V4cG8upi4ZG2l7JZFbcBFk91Wp+Payo5SuF61CmGFrZ386umkmpObtFacXda2O/bVoQ9 xHQrzoTc/0KZTWvlZCLK3Ke/vGYT9ZdW9lOjGsSFbXrlTA919L84iMK+48WGnvRWY28ZaVHp ql43AtEGhXze6iNCbEDACy+4hkQYOytAqDgcxAnQ937mYpeZFPyz/XK9QSt9VNFMuudWxZwD DDJKoQAoSG59Hou9lZ26UrK60nRdAQBmEPL8h2nuWgoPh++XVQld9yuhbsWa39Pck8/lcfz5 HUVGJF5mc/zk38iV7FDlF68puiryNq2KXHEpOTCCB6AwggaIoAMCAQICAh0vMA0GCSqGSIb3 DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UE CxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRD b20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcNMTIwMjIyMTYx NjM5WhcNMTQwMjIzMDEyMjU2WjCBgjEZMBcGA1UEDRMQcU1sMmtIaXNIczc1RGpsbDELMAkG A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDjAMBgNVBAcTBURhdmlzMRIwEAYDVQQD EwlPbWVuIFdpbGQxHzAdBgkqhkiG9w0BCQEWEG9tZW5AbWFuZGFyYi5jb20wggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOx/wfbUjwfzM6yEcgjMODLBXAUgBCdOkgQtqKHwyn gru6Ke7m5Rclw/q/cPlQpS3BvIqGJmWvIP8PvW0/03M4j11lYDLXFDOElc1TgaPQsN3ZGEwp P8ZmdieO4Yf01iq7AdMf4TgeqR3yQTVeMPgbG3X1VUh29PgSOv17XLCiS+oiYhH5fBiQwdLm f80JVuuPF8Iyg9Xn6PZyQPeSjcNFvkOxLtkwfHN5/whwMsQTKx32ZrBGP6kAzIRJ2f0DR79o WHvu3CegQ6NaLcXmzWs0Fp4Pkdg1qCqzdqCyZq6bzLjVpIwbwbp1A87/A+9qUPeBCQZO2wIM a2tmnBfAnCaRAgMBAAGjggQSMIIEDjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHSUE FjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFCC+uLCjHMzmBYFvRy9/OzT7R6hT MB8GA1UdIwQYMBaAFK5Vg2/sMcq59x36r2sx88gd46y7MIGBBgNVHREEejB4gRBvbWVuQG1h bmRhcmIuY29tgRBvbWVuQG1hbmRhcmIuY29tgRNvbWVuLndpbGRAZ21haWwuY29tgRdvbWVu QGFzbXVuZHNvbi13aWxkLmNvbYESb21lbkB0cmVlZGF2aXMub3JngRBvbWVuQHVjZGF2aXMu ZWR1MIICIQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEW Imh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6 Ly93d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcW IFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmlj YXRlIHdhcyBpc3N1ZWQgYWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVx dWlyZW1lbnRzIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9y IHRoZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFy dHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcCAjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0 aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkgYW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0 ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRhdGlvbnMiIG9mIHRoZSBTdGFydENv bSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29t L2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0dHA6Ly9v Y3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggrBgEFBQcwAoY2aHR0 cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQuY2EuY3J0MCMG A1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUFAAOCAQEA xTMXGZ3KYLF/4W1mZqFxf+4JqpRF8DmfIQs7jG0pM4/E8W18xuzlU9ROgqNduc4HXw6YHLhO etG+/+FYrFhkeNOGS8JOsiXKRI/7/YMedDiTeBdzhL+lZaroqhPLpWcM2fpfIL8o6MbFKg1t hid//ZYc0sobyDlrb9OMmxAxU0NtNcF8z4osd+fzPb3tRlmY8dXU+UB5Z7LBlTAMBl6hXPWh 63KZWyRvbzq1gVBLSeSsPgELH9XvckRZfklXfzWphq93PmJSQnLB4MpfovjJlvP5x4JvpB1M giaDD7pHzAn97TsPkaX8IG/7JqVQKAsjNzKpWbfwN3zszJN4ZB5LbzGCApYwggKSAgEBMIGT MIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2Vj dXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh0vMAkGBSsOAwIaBQCggdgw GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMwNDAzMDQxMzE4 WjAjBgkqhkiG9w0BCQQxFgQU/Ld9c79LDncDoaIepEo/KgF0lUIweQYJKoZIhvcNAQkPMWww ajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAO BggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgw DQYJKoZIhvcNAQEBBQAEggEADQTTKgKYmF1kVbpF+HtZRCYZf9/HKpGTwRB2x9hqDZpbvvrA Fvf1rCcHmLwTeHEMeucFizu85b3E9TevOHoWSXYU39vUsbya8dDBQqoH1ZrJ8g2UQByJXozY LlnT8owr1gB1AEjNsCk0FfmWBtFBfSPf20qBHyjzLdzXsQi/yBzmvip5fVkr09m5S95SMz42 kBN3E/4kBZDq3d3t1ARpC4fsqij1BkX3jp1RwKAHTC34B2xtHid5k4hIyJu0NBqghYHFgu10 aNmPWDVAc5O0iuXOVTkyEmJdp1HoaKRi7BKFLKnLgdyJ21LYeYEOSiSJ6K5+Dm26+o/shFud 2Y4unQ== --UugvWAfsgieZRqgk--