[Haifux] Nested disk encryption

Eli Billauer eli at billauer.co.il
Thu Sep 16 04:09:02 MSD 2010


I have a piece of sensitive data, which I'd like to keep locked away 
when I don't use it. It's reassuring to know that even if my computer 
ever meets a trojan horse, that data will be off limits, unless I 
happen to be using it at a very bad time.

Having a Fedora 12 (kernel 2.6.32 for now), the immediate solution is to 
create a large empty file, mount it as a loop device, and create an 
encrypted disk on it. When I don't use the data, I simply close the 
encryption, and all is safe and sound.

The only thing that worries me is that the disk itself is a RAID-5 
(three disks) with the whole thing encrypted (that is, the whole of 
/dev/md0, which is why I don't have any unencrypted space left) and then 
we have LVM over that. So if I pull my stunt, there will be five layers 
of munching between real data and what is written on the hardware disk, 
including encrypting twice.

In a theoretical world, one can stack layers without worrying about 
anything. In a real world, there are sometimes bugs, which show up in 
exotic situations.

I have no problem with some possible slowdown. I only wonder whether I'm 
pushing my luck.

So what do you say? Would you feel safe to stack one encryption on 
another? Is it correct to assume that each layer works independently, 
and therefore it doesn't matter how much I stack up?

Thanks in advance,






Web: http://www.billauer.co.il
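
The procedure described in the post (a container file, attached as a loop device, holding an encrypted volume that is closed when not in use), as an added example that is not part of the original message. It assumes LUKS via cryptsetup; the path, mapper name and mount point are hypothetical, and the create/open/close functions must run as root.

```shell
#!/bin/sh
# Added example: lifecycle of a file-backed LUKS container.
IMG="${IMG:-/home/user/vault.img}"   # hypothetical container file
NAME="${NAME:-vault}"                # hypothetical /dev/mapper name
MNT="${MNT:-/mnt/vault}"             # hypothetical mount point

# Return 0 only if the file begins with the LUKS header magic "LUKS" 0xBA 0xBE.
is_luks_image() {
    [ -f "$1" ] || return 1
    [ "$(head -c 6 "$1" | od -An -tx1 | tr -d ' \n')" = "4c554b53babe" ]
}

# One-time setup; $1 is the container size, e.g. 2G.
create_container() {
    [ -e "$IMG" ] && { echo "refusing to overwrite $IMG" >&2; return 1; }
    truncate -s "$1" "$IMG" && chmod 600 "$IMG" || return 1
    loop=$(losetup --find --show "$IMG") || return 1
    # luksFormat prompts for the passphrase of the inner layer.
    if cryptsetup luksFormat "$loop" && cryptsetup luksOpen "$loop" "$NAME"; then
        mkfs.ext4 "/dev/mapper/$NAME"
        cryptsetup luksClose "$NAME"
    fi
    losetup -d "$loop"
}

# Attach the file, unlock it and mount the cleartext mapping.
open_container() {
    is_luks_image "$IMG" || { echo "$IMG is not a LUKS image" >&2; return 1; }
    loop=$(losetup --find --show "$IMG") || return 1
    cryptsetup luksOpen "$loop" "$NAME" || { losetup -d "$loop"; return 1; }
    mkdir -p "$MNT" && mount "/dev/mapper/$NAME" "$MNT"
}

# Unmount, drop the key from the kernel, then detach the loop device.
close_container() {
    umount "$MNT" || return 1
    loop=$(cryptsetup status "$NAME" | awk '$1 == "device:" { print $2 }')
    cryptsetup luksClose "$NAME" && losetup -d "$loop"
}
```

While the container is open, the cleartext mapping and mounted filesystem are readable by anything running with sufficient privilege on the machine; only after `close_container` is the data protected by the inner passphrase.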
