[Haifux] Nested disk encryption
eli at billauer.co.il
Thu Sep 16 13:46:20 MSD 2010
Thanks, but it looks like we're not on the same page. I'm not looking
for double protection. And I know that in theory, what I want to do is
OK, and that the ciphers are theoretically strong (hoping we don't have
a Debian fiasco II buried somewhere).
My concern in about kernel reliability. Whether two layers of encryption
isn't a quirky scenario, which may reveal a nasty bug in the kernel code.
The best answer I could get would be something like "company X is using
this for years on their high availability servers without a glitch". I
would also settle for "I'm doing this all the time".
Orr Dunkelman wrote:
> If you use modern ciphers (AES-256, or Serpent are two such ciphers),
> there should be no problem.
> The RAID's encryption does not care what you encrypt. The loopback
> device does not care where it is stored. So you get double protection.
More information about the Haifux