This One Time, at Band Camp, Mick <[EMAIL PROTECTED]> said, On Tue, Mar 25, 2008 at 05:23:00PM +0000: > > That's why I have my entire installation over a DM-CRYPT ( LUKS > > encrypted partition... ), including swaps and storage ( LVM over > > DM-CRYPT actually), this way even if someone had a physical access to > > my laptop, both GRUB and LiveCD approach would be useless...
> I've thought about going for this . . . and then backpedaled once more. Every > time I had a fs problem I have managed to recover to this date without much > trouble. Vanilla primary and extended partitions seem to be straight forward > to access with any LiveCD. To be honest even when I had to frig about with > LVM I managed to recover without loss of data (more out of luck than skill I > suspect). The thought however, that I may lose my private key (never say > never), or lose a drive and need to access my data pronto from a back up > makes me somewhat nervous. Should I be more brave that this? Well it depends... First of all you should know that almost every LiveCD now include a cryptsetup/lvm implementation, Gentoo does, Ubuntu does ( not as is though you should apt-get cryptsetyp, AFAIK lvm already installed), so recovering data would not be that hard if you can open the partition... As for loosing the key, that's easy too, here's what I do: I create a small file from /dev/urandom and I use it as pass key SLOT, and store it somewhere safe, so if and when I forget all of the passwords I have, I use this key, it is safe. Anyway as I said above it actually depends, using dm-crypt will lower the performance of your machine which actually make sense since the data are encrypted before they are written to the disk (AFAIK I'm not really sure how it handles I/O operations, but I'm sure that writing a huge file to your HDD will result in a lot of CPU usage of the process 'kcryptd'), but using dm-crypt is very very secure, I use it because my laptop is with me every day when I go to the university so I need this kind of security... On the other hand if you don't need encryption, maybe you should stick with LVM... (LVM is a must checkout my partitions below, I love it...) --------- CUT # lvdisplay -C LV VG Attr LSize Origin Snap% Move Log Copy% Convert gentoo-opt system -wi-ao 1.00G gentoo-overlays system -wi-ao 1.00G gentoo-root system -wi-ao 500.00M gentoo-usr system -wi-ao 5.00G gentoo-var system -wi-ao 500.00M home system -wi-ao 15.00G storage system -wi-ao 50.66G suspend-swap system -wi-a- 1.00G swap system -wi-ao 2.00G tmp system -wi-ao 500.00M ubuntu-opt system -wi-ao 1.00G ubuntu-root system -wi-ao 500.00M ubuntu-usr system -wi-ao 3.50G ubuntu-var system -wi-ao 500.00M var-tmp system -wi-ao 100.00M --------- CUT Regards, -- Wael Nasreddine http://wael.nasreddine.com PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2 /ö\ /ö\ When Chuck Norris wants an egg, he cracks open a chicken.
pgpLYgDcopIR7.pgp
Description: PGP signature
