[Haifux] Nested disk encryption

Zaar Hai haizaar at haizaar.com
Thu Sep 16 15:44:23 MSD 2010


Some time ago I did what you've done, but not for some real use - just
for testing. I suggest you run iozone (or other io benchmark) on your
loopback partition and see if anything goes wrong.

On Thu, Sep 16, 2010 at 11:46 AM, Eli Billauer <eli at billauer.co.il> wrote:
> Hi,
>
>
> Thanks, but it looks like we're not on the same page. I'm not looking
> for double protection. And I know that in theory, what I want to do is
> OK, and that the ciphers are theoretically strong (hoping we don't have
> a Debian fiasco II buried somewhere).
>
>
> My concern in about kernel reliability. Whether two layers of encryption
> isn't a quirky scenario, which may reveal a nasty bug in the kernel code.
>
>
> The best answer I could get would be something like "company X is using
> this for years on their high availability servers without a glitch". I
> would also settle for "I'm doing this all the time".
>
>
>    Eli
>
>
> Orr Dunkelman wrote:
>
>> If you use modern ciphers (AES-256, or Serpent are two such ciphers),
>> there should be no problem.
>>
>> The RAID's encryption does not care what you encrypt. The loopback
>> device does not care where it is stored. So you get double protection.
>>
>> Orr.
>>
>>
>
>
> --
> Web: http://www.billauer.co.il
>
> _______________________________________________
> Haifux mailing list
> Haifux at haifux.org
> http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
>



-- 
Zaar



More information about the Haifux mailing list