From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <4D5ECF32.8030704@redhat.com>
Date: Fri, 18 Feb 2011 20:57:38 +0100
From: Milan Broz
References: <20110218173302.GA9234@tansi.org>
Subject: Re: [dm-crypt] LUKS and LVM
To: dm-crypt@saout.de

On 02/18/2011 06:53 PM, Eric Bauman wrote:
>>> I typically randomise my block device before creating a LUKS container
>>> on it. Option 2 would seem to reduce the effectiveness of this because
>>> LVM will give clues to where real data might be.

The information about where the partitions (LVs) start is something that should not cause security problems.

For LUKS over LVM you will see LVM metadata in plain form; for LVM over LUKS you will see only the LVM PV data offset (LVM metadata are encrypted).

Both methods are used, both work. Depends on your preference.

I had some pictures of how the disk layout looks for both cases:
http://mbroz.fedorapeople.org/talks/LinuxAlt2008-eng/
(the slides are not perfect though :-)

Milan
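
Added example, not part of the original message or of cryptsetup/LVM: a Python sketch that lists which on-disk structures are readable without the key for each stacking order discussed above. The two images are constructed stand-ins with shortened offsets (assumptions: LUKS1 header layout, LVM2 label in sector 1, text metadata at sector 8); `visible_layout` and the helper names are hypothetical.

```python
import random
import struct

SECTOR = 512
LUKS1_MAGIC = b"LUKS\xba\xbe"   # first 6 bytes of a LUKS1 header
LVM_LABEL = b"LABELONE"         # LVM2 PV label, kept in one of the first 4 sectors
LVM_TYPE = b"LVM2 001"          # label type field at byte 24 of that sector

def visible_layout(image: bytes) -> dict:
    """List the structures an observer without the key can read in `image`."""
    sectors = [image[i:i + SECTOR] for i in range(0, len(image), SECTOR)]
    luks = [n for n, s in enumerate(sectors) if s[:6] == LUKS1_MAGIC]
    label = next((n for n, s in enumerate(sectors[:4])
                  if s[:8] == LVM_LABEL and s[24:32] == LVM_TYPE), None)
    # LUKS1 stores the payload offset (in sectors) as a big-endian u32 at byte 104.
    payload = [n + struct.unpack_from(">I", sectors[n], 104)[0] for n in luks]
    return {"lvm_label_sector": label,
            "lvm_text_metadata": b"logical_volumes {" in image,
            "luks_header_sectors": luks,
            "ciphertext_start_sectors": payload}

def _luks1_header(payload_sectors: int) -> bytes:
    # Constructed minimal header: magic, version 1, payload offset; rest zeroed.
    hdr = bytearray(payload_sectors * SECTOR)
    hdr[0:6] = LUKS1_MAGIC
    struct.pack_into(">H", hdr, 6, 1)
    struct.pack_into(">I", hdr, 104, payload_sectors)
    return bytes(hdr)

def _pv_header() -> bytes:
    # Constructed PV start: label in sector 1, text metadata at sector 8.
    pv = bytearray(16 * SECTOR)
    pv[SECTOR:SECTOR + 8] = LVM_LABEL
    pv[SECTOR + 24:SECTOR + 32] = LVM_TYPE
    meta = b"vg0 {\nlogical_volumes {\nsecret {\nstart_extent = 0\n}\n}\n}\n"
    pv[8 * SECTOR:8 * SECTOR + len(meta)] = meta
    return bytes(pv)

def _noise(n: int) -> bytes:
    # Stand-in for ciphertext or a pre-randomised device (fixed seed).
    return random.Random(0).getrandbits(8 * n).to_bytes(n, "big")

# Constructed sample images, not real devices.
LUKS_OVER_LVM = _pv_header() + _luks1_header(8) + _noise(8 * SECTOR)
LVM_OVER_LUKS = _luks1_header(8) + _noise(24 * SECTOR)  # PV sits inside ciphertext

if __name__ == "__main__":
    for name, img in (("LUKS over LVM", LUKS_OVER_LVM), ("LVM over LUKS", LVM_OVER_LUKS)):
        print(name, visible_layout(img))
```

For the LUKS-over-LVM image the result includes the PV label, the plain-text volume group metadata and the LUKS header at the start of the LV; for LVM-over-LUKS it contains only the LUKS header and the sector where ciphertext begins.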