[Haifux] Nested disk encryption
eli at billauer.co.il
Thu Sep 16 04:09:02 MSD 2010

I have a piece of sensitive data, which I'd like to keep locked away
when I don't use it. It's reassuring to know that even if my computer
would ever meet a trojan horse, that data will be off limits, unless I
would happen to be using it in very bad timing.

Having a Fedora 12 (kernel 2.6.32 for now), the immediate solution is to
create a large empty file, mount it as a loop device, and create an
encrypted disk on it. When I don't use the data, I simply close the
encryption, and all is safe and sound.

The only thing that worries me is that the disk itself is a RAID-5
(three disks) with the whole thing encrypted (that is, the whole of
/dev/md0, which is why I don't have any unencrypted space left) and then
we have LVM over that. So if I pull my stunt, there will be five layers
of munching between real data and what is written on the hardware disk.
Including encrypting twice.

In a theoretical world, one can stack layers without worrying about
anything. In a real world, there are sometimes bugs, which show up in
I have no problem with some possible slowdown. I only wonder if I'm not
pushing my luck.

So what do you say? Would you feel safe to stack one encryption on
another? Is it correct to assume that each layer works independently,
and therefore it doesn't matter how much I stack up?

Thanks in advance,
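
The loop-file setup described in the post (empty file, loop device, encrypted disk, closed when not in use), written out as an added example that is not part of the original message. The container path, mapper name, mount point and size are assumed values, LUKS via cryptsetup and ext4 are assumed choices, and DRY_RUN=1 is a hypothetical switch that prints the commands instead of running them as root.

```shell
#!/bin/sh
# Assumed values, not from the post: path, mapper name, mount point, size.
VAULT_FILE="${VAULT_FILE:-/home/user/vault.img}"
VAULT_NAME="${VAULT_NAME:-vault}"
VAULT_MNT="${VAULT_MNT:-/mnt/vault}"
VAULT_SIZE="${VAULT_SIZE:-1G}"

# With DRY_RUN=1, print each command instead of executing it.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Bind the container file to a free loop device and print the device path.
attach() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo /dev/loopN   # placeholder
    else losetup --find --show "$VAULT_FILE"; fi
}

# One-time setup: empty file -> loop device -> LUKS -> filesystem.
vault_create() {
    [ ! -e "$VAULT_FILE" ] || { echo "$VAULT_FILE exists" >&2; return 1; }
    run truncate -s "$VAULT_SIZE" "$VAULT_FILE" || return 1
    dev=$(attach) || return 1
    if run cryptsetup luksFormat "$dev" &&
       run cryptsetup luksOpen "$dev" "$VAULT_NAME"; then
        run mkfs.ext4 "/dev/mapper/$VAULT_NAME"; rc=$?
        run cryptsetup luksClose "$VAULT_NAME"
    else rc=1; fi
    run losetup -d "$dev"
    return $rc
}

# Unlock for use; undo the loop binding if the passphrase is rejected.
vault_open() {
    dev=$(attach) || return 1
    run cryptsetup luksOpen "$dev" "$VAULT_NAME" ||
        { run losetup -d "$dev"; return 1; }
    run mount "/dev/mapper/$VAULT_NAME" "$VAULT_MNT"
}

# Lock: unmount, drop the key from the kernel, detach the loop device(s).
vault_close() {
    run umount "$VAULT_MNT" || return 1
    run cryptsetup luksClose "$VAULT_NAME" || return 1
    for dev in $(losetup -j "$VAULT_FILE" 2>/dev/null | cut -d: -f1); do
        run losetup -d "$dev"
    done
    return 0
}

case "${1:-}" in create) vault_create ;; open) vault_open ;; close) vault_close ;; esac
```

The data is only off limits after `close` has completed all three steps; a busy mount point makes `umount` fail and leaves the mapping, and with it the key, active.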