[Haifux] Nested disk encryption

Eli Billauer eli at billauer.co.il
Thu Sep 16 13:46:20 MSD 2010


Thanks, but it looks like we're not on the same page. I'm not looking 
for double protection. And I know that in theory, what I want to do is 
OK, and that the ciphers are theoretically strong (hoping we don't have 
a Debian fiasco II buried somewhere).

My concern in about kernel reliability. Whether two layers of encryption 
isn't a quirky scenario, which may reveal a nasty bug in the kernel code.

The best answer I could get would be something like "company X is using 
this for years on their high availability servers without a glitch". I 
would also settle for "I'm doing this all the time".


Orr Dunkelman wrote:

> If you use modern ciphers (AES-256, or Serpent are two such ciphers),
> there should be no problem.
> The RAID's encryption does not care what you encrypt. The loopback
> device does not care where it is stored. So you get double protection.
> Orr.

Web: http://www.billauer.co.il

More information about the Haifux mailing list