From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <kop@meme.com>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 9ZXkG1LaInqf for <dm-crypt@saout.de>;
 Mon, 19 Sep 2011 18:00:03 +0200 (CEST)
Received: from smtp.meme.com (janus.meme.com [69.17.73.118])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Mon, 19 Sep 2011 18:00:02 +0200 (CEST)
Received: from mofo.meme.com (unknown [192.168.1.2])
 by smtp.meme.com (Postfix) with ESMTP id 5C3E9A1B6
 for <dm-crypt@saout.de>; Mon, 19 Sep 2011 11:00:00 -0500 (CDT)
Received: from mofo (localhost.localdomain [127.0.0.1])
 by mofo.meme.com (Postfix) with ESMTP id 5458843D0F
 for <dm-crypt@saout.de>; Mon, 19 Sep 2011 11:00:00 -0500 (CDT)
Date: Mon, 19 Sep 2011 11:00:00 -0500
From: "Karl O. Pinc" <kop@meme.com>
References: <1316447158.7965.12.camel@zarniwoop>
In-Reply-To: <1316447158.7965.12.camel@zarniwoop> (from zoqaeski@gmail.com
 on Mon Sep 19 10:45:52 2011)
Message-Id: <1316448000.17657.3@mofo>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dm-crypt] Questions about LUKS / LVM
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 09/19/2011 10:45:52 AM, Robbie Smith wrote:

> How much of a load on the system would LUKS + LVM be?
> Is it likely to
> result in a noticeable drop in performance?

It all depends, but generally no because cpu is _so_ much faster
than disk these days.

> Does entering the key(s)
> at
> boot decrypt the whole volume, or just provide a means for the kernel
> module to decrypt and encrypt on-the-fly?

The latter.

>=20
> And=E2=80=A6 how does it work? The documentation makes mention of multipl=
e
> key-slots; but I'm a little baffled as to how different keys can be
> used
> to decrypt the same volume. It is based on symmetric cryptography,
> isn't
> it?

Yes, but the master key is encrypted by each key, separately, and=20
that's what your multiple passwords decrypt.

See the tks-1 paper (iirc) referenced on the wiki for more info.




Karl <kop@meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein