Re: zfs data partition, crypt loop mounts and newbie tutorials -- was Re: Suggestion for systemd and /usr on separate partition

emory) - remainder, ~700 MiB is a single data partition, which is assigned to a single-partition zpool (zfs disk pool) - inside the ZFS "internal" data pool, I create a number of ZFS "filesystems", see tutorial below - one of these holds various crypt volumes (

Re: [dm-crypt] SparesMissing event on /dev/md4:nsa320 (fwd)

any ideas -- Forwarded message -- Date: Thu, 9 Jul 2020 16:02:33 +0200 From: Arno Wagner To: dm-cr...@saout.de Subject: Re: [dm-crypt] SparesMissing event on /dev/md4:nsa320 (fwd) Hi, your array looks fine. But this is not a topic for the cryptsetup mailing list. Please use

zfs data partition, crypt loop mounts and newbie tutorials -- was Re: Suggestion for systemd and /usr on separate partition

data partition, which is assigned to a single-partition zpool (zfs disk pool) - inside the ZFS "internal" data pool, I create a number of ZFS "filesystems", see tutorial below - one of these holds various crypt volumes (virtual/loop mounted FSes) - inside each crypt vo

Re: What's going on with dm-crypt?!

On Mon, 24 Dec 2018 10:26:18 +0100 Pascal Hambourg wrote: > Le 24/12/2018 à 05:45, Celejar a écrit : > > > > I have / on a luks volume, mounted with dm-crypt (automatically, > > via /etc/fstab - /etc/crypttab). As recently as kernel 4.18.0-3, > > everything was norma

Re: What's going on with dm-crypt?!

On Mon, 24 Dec 2018 07:54:44 -0500 Dan Ritter wrote: > Celejar wrote: > > Hi, > > > > I have / on a luks volume, mounted with dm-crypt (automatically, > > via /etc/fstab - /etc/crypttab). As recently as kernel 4.18.0-3, > > everything was normal. With 4.19.0-1-

Re: What's going on with dm-crypt?!

Celejar wrote: > Hi, > > I have / on a luks volume, mounted with dm-crypt (automatically, > via /etc/fstab - /etc/crypttab). As recently as kernel 4.18.0-3, > everything was normal. With 4.19.0-1-amd64, the volume mounts, and the > system seems basically functional - but /d

Re: What's going on with dm-crypt?!

Le 24/12/2018 à 05:45, Celejar a écrit : I have / on a luks volume, mounted with dm-crypt (automatically, via /etc/fstab - /etc/crypttab). As recently as kernel 4.18.0-3, everything was normal. With 4.19.0-1-amd64, the volume mounts, and the system seems basically functional - but /dev/mapper

What's going on with dm-crypt?!

Hi, I have / on a luks volume, mounted with dm-crypt (automatically, via /etc/fstab - /etc/crypttab). As recently as kernel 4.18.0-3, everything was normal. With 4.19.0-1-amd64, the volume mounts, and the system seems basically functional - but /dev/mapper is empty besides for 'control

Re: Tool to crypt a password

hods and it's still used for serious encryption. > > I think you are mistaken. > > As a block cipher, even if there are no attacks against 3DES itself, it > is considered unsafe like all block ciphers with 64-bits blocks due to > birthday attacks. But that is not what we are talk

Re: Tool to crypt a password

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Feb 06, 2017 at 05:43:32PM +0100, Nicolas George wrote: > L'octidi 18 pluviôse, an CCXXV, Greg Wooledge a écrit : > > I wrote this many years ago. It's primitive, but may suit: > > > > http://wooled

Re: Tool to crypt a password

you are mistaken. As a block cipher, even if there are no attacks against 3DES itself, it is considered unsafe like all block ciphers with 64-bits blocks due to birthday attacks. But that is not what we are talking about here. The 3DES-derived crypt() implementation is bad for nowadays passwords for

Re: Tool to crypt a password

Nicolas George [2017-02-06 17:43:32+01] wrote: > L'octidi 18 pluviôse, an CCXXV, Greg Wooledge a écrit : >> I wrote this many years ago. It's primitive, but may suit: >> >> http://wooledge.org/~greg/crypt/ > > Indeed. Unfortunately, it suffers from a limita

Re: Tool to crypt a password

L'octidi 18 pluviôse, an CCXXV, Greg Wooledge a écrit : > I wrote this many years ago. It's primitive, but may suit: > > http://wooledge.org/~greg/crypt/ Indeed. Unfortunately, it suffers from a limitation similar to the one of htpasswd: it only supports 3DES, the oldest

Re: Tool to crypt a password

On Mon, Feb 06, 2017 at 05:28:39PM +0100, Nicolas George wrote: > Does anybody know a packaged program that provides a simple but good > interface to the libc's crypt() function? I wrote this many years ago. It's primitive, but may suit: http://wooledge.org/~greg/crypt/ &g

Tool to crypt a password

Hi. Does anybody know a packaged program that provides a simple but good interface to the libc's crypt() function? I mean something that reads "2JTnJhXPzISn" on stdin and writes "$6$BqdmYkw0fsG5y8Av$LOTAkcnFu.LJlaZH./16RgX.IqSPoxuhALCqgih9tMqspMLMVzJ9WZqxUJr/.ium/8pi3iWh56G..

Re: setting up systemd units for dm-crypt devices

On Mon, Jan 25, 2016 at 5:59 PM, Jonathan Dowland wrote: > Less important for me but still to figure out, where to put the magic so > that 'systemctl stop /mountpoint' also disables the relevant VG and closes > the luks device. (I would like to do this with a removable drive in the > near future s

Re: setting up systemd units for dm-crypt devices

On Mon, Jan 25, 2016 at 04:59:59PM +, Jonathan Dowland wrote: > I *think* enabling lvmetad has indeed fixed the requirement to "vgchange -a y > " upon unlocking the LUKS device. Great! Since it is harmless to leave the vgchange in when lvmetad *is* available, I suppose I should leave it in. So

Re: setting up systemd units for dm-crypt devices

On Mon, Jan 25, 2016 at 10:00:30AM +, Jonathan Dowland wrote: > It might be something to do with my LVM configuration. I had a hint > elsewhere that lvmetad might address this, so I'll explore that. I *think* enabling lvmetad has indeed fixed the requirement to "vgchange -a y " upon unlocking

Re: setting up systemd units for dm-crypt devices

On Fri, Jan 22, 2016 at 06:56:15PM +0100, Anders Andersson wrote: > On Fri, Jan 22, 2016 at 5:09 PM, Jonathan Dowland wrote: > > 2. vgchange -a y ... > I guess having a separate unit for this could be nice, but is it > really necessary? Having used LVM on top of LUKS, I can't recall > having

Re: setting up systemd units for dm-crypt devices

; I can write other units that depend on them. It's quite nice to type > 'systemctl > start /backup' and for it to correctly prompt for a decryption passphrase for > the depended-upon dm-crypt device.[1] I have a similar setup. I used crypttab to get systemd to generate a servic

setting up systemd units for dm-crypt devices

; and for it to correctly prompt for a decryption passphrase for the depended-upon dm-crypt device.[1] I currently do not decrypt these filesystems at boot time. The machine is a headless NAS box and I want it to be able to boot without having to plug a monitor into it.[2] To activate my filesyst

Re: Re: dm-crypt/LUKS performance

g/reading directly to/from the partition, b) cyrptsetup luksFormat + cryptsetup luksOpen and then writing to the corresponging /dev/mapper/ device. No LVM or other indirections involved as someone else suggested might have been the case. > That SSD appears to have hardware encryption. So,

Re: dm-crypt/LUKS performance

On Sun, 2014-11-16 at 18:56 -0800, David Christensen wrote: > That SSD appears to have hardware encryption. So, why dm-crypt? So you can copy/backup/move disks and partitions without worrying about whether you can get access to the result in the future? Because you don't want to trust or

Re: dm-crypt/LUKS performance

e throughput. You need to use a recent kernel that can run dm-crypt in parallel (and it needs to be compiled with that option enabled as well. I don't know if Debian's 3.16 is compiled like that). That information is missing from your report. > The system will be used as a home fil

Re: dm-crypt/LUKS performance

? Defaults? Customizations? That SSD appears to have hardware encryption. So, why dm-crypt? http://www.samsung.com/global/business/semiconductor/minisite/SSD/uk/html/about/SSD840Pro.html After doing some crude benchmarking tests with dd, I am surprised about the huge performance penalty

Re: dm-crypt/LUKS performance

David Fuchs wrote: > In short, the write speed plummets to around 160 MB/s, as opposed to 270 > MB/s on the naked partition; read speed is at 115 MB/s (slower than writing > - no idea why), as opposed to 465 MB/s on the bare partition. (I've pasted > the results below.) I don't have an immediate a

dm-crypt/LUKS performance

Hi all, First off, I realize this question has been asked here and elsewhere before, but I can't seem to find any recent relevant numbers on this. I am setting up a system with an Intel octo-core Avoton, which has AES-NI support. After doing some crude benchmarking tests with dd, I am surprised a

Re: Crypt data "on the fly"

On 07/06/14 15:23, Chris Bannister wrote: On Tue, Jun 03, 2014 at 02:13:23PM +0100, Darac Marjal wrote: differentiates it from random noise. For some people, being able to prove that data was encrypted is enough of a problem (I live in a country where my government can force me to reveal my keys

Re: Crypt data "on the fly"

On Tue, Jun 03, 2014 at 02:13:23PM +0100, Darac Marjal wrote: > differentiates it from random noise. For some people, being able to > prove that data was encrypted is enough of a problem (I live in a > country where my government can force me to reveal my keys - refusing > or forgetting results in

Re: Crypt data "on the fly"

On Mon, 2014-06-02 at 19:24 -0700, ty wrote: > On 06/02/2014 09:32 AM, L.M.J wrote: > > Hi, > > > > This may be a nasty/bad idea, but I still ask : > > I sync my data to a cloud storage online service. I do NOT want to > crypt my 60GB data at home, but I want &

Re: Crypt data "on the fly"

On Tue, Jun 03, 2014 at 02:53:26PM +0200, Bzzz wrote: > On Tue, 3 Jun 2014 10:03:17 +0100 > Darac Marjal wrote: > [cut] > > … > > Yes, but choosing your encryption badly can cause problems. For > > one, as above, bad choices can mean poor security. > > So, you're a real cryptanalyst; then, plea

Re: Crypt data "on the fly"

On Tue, 3 Jun 2014 10:03:17 +0100 Darac Marjal wrote: > I like the idea of Crashplan, but just slapping the label of > "Blowfish" on their encryption isn't quite good enough [1]. Mouhaharf, trusting SO for trivial Q/A is one thing, trusting it about things as sensible as crypto is much more neur

Re: Crypt data "on the fly"

On Mon, Jun 02, 2014 at 07:16:16PM +0200, Bzzz wrote: > On Mon, 02 Jun 2014 19:01:17 +0200 > Diogene Laerce wrote: > > > I use crashplan and Im quite happy with them : very professional > > and they do offer that service. ;) > > > > Their website : https://www.code42.com/store/ > > From what I

Re: Crypt data "on the fly"

On 02 Jun 2014, Diogene Laerce wrote: > > On 06/02/2014 06:43 PM, Bzzz wrote: > >On Mon, 2 Jun 2014 18:32:30 +0200 > >"L.M.J" wrote: > > > >> I sync my data to a cloud storage online service. I do NOT want > >>to crypt my 60GB data at home,

Re: Crypt data "on the fly"

how about using luks? Eero Sent from my iPad > On 02 Jun 2014, at 19:32, "L.M.J" wrote: > > Hi, > > This may be a nasty/bad idea, but I still ask : > I sync my data to a cloud storage online service. I do NOT want to crypt my > 60GB data at home, but I wa

Re: Crypt data "on the fly"

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/02/2014 09:32 AM, L.M.J wrote: > Hi, > > This may be a nasty/bad idea, but I still ask : > I sync my data to a cloud storage online service. I do NOT want to crypt my 60GB data at home, but I want > them crypted on the cl

Re: Crypt data "on the fly"

On Mon, 2 Jun 2014 21:21:03 +0200 "L.M.J" wrote: > Le Mon, 2 Jun 2014 20:38:17 +0200, > Filip a écrit : > > > I like to keep things simple. > > I just create encrypted archives on the local disk with dar > > and then push them remote server with rsync. > > > > Dar encrypts and compresses the d

Re: Crypt data "on the fly"

On Mon, 2 Jun 2014 21:18:32 +0200 "L.M.J" wrote: > Last idea : can I still open encrypted files from an Android > device (of course, using an extra software) ? This is something you can do with encfs: https://code.google.com/p/cryptonite/ -- what's your cpu ? win xp -- To UNSUBSCRIBE, ema

Re: Crypt data "on the fly"

Le Mon, 2 Jun 2014 20:38:17 +0200, Filip a écrit : > I like to keep things simple. > I just create encrypted archives on the local disk with dar > and then push them remote server with rsync. > > Dar encrypts and compresses the data, slices it up in nice > managable archive files, and keeps all

Re: Crypt data "on the fly"

Le Mon, 02 Jun 2014 15:03:45 -0400, Ralph Katz a écrit : > apt-cache show duplicity # does exactly that. Already found a tut with my Cloud service and duplicity, may be the good way -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Cont

Re: Crypt data "on the fly"

Le Mon, 2 Jun 2014 18:32:30 +0200, "L.M.J" a écrit : > Hi, > > This may be a nasty/bad idea, but I still ask : > I sync my data to a cloud storage online service. I do NOT want to crypt my > 60GB data at home, but I want > them crypted on the cloud, so, wh

Re: Crypt data "on the fly"

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/02/2014 12:32 PM, L.M.J wrote: > Hi, > > This may be a nasty/bad idea, but I still ask : I sync my data to a > cloud storage online service. I do NOT want to crypt my 60GB data > at home, but I want them crypted on the cloud, s

Re: Crypt data "on the fly"

On Mon, 2 Jun 2014 18:32:30 +0200 "L.M.J" wrote: > Hi, > > This may be a nasty/bad idea, but I still ask : > I sync my data to a cloud storage online service. I do NOT want to > crypt my 60GB data at home, but I want them crypted on the cloud, so, > when I rsy

Re: Crypt data "on the fly"

Le Mon, 2 Jun 2014 09:53:38 -0700 (MST), "der.hans" a écrit : > Am 02. Jun, 2014 schwätzte L.M.J so: > > moin moin, > > Would tahoe-lafs provide what you want? > > https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/about.rst As far as understand and according to my needs, I will have t

Re: Crypt data "on the fly"

On 06/02/2014 07:44 PM, Bzzz wrote: On Mon, 02 Jun 2014 19:24:59 +0200 Diogene Laerce wrote: Encryption key that is user-created (using the Passphrase or Generate options) and is used instead of the encryption key generated by the CrashPlan app. My bad, I didn't see it; however, I won't trus

Re: Crypt data "on the fly"

On Mon, 02 Jun 2014 19:24:59 +0200 Diogene Laerce wrote: > Encryption key that is user-created (using the Passphrase or > Generate options) and is used instead of the encryption key > generated by the CrashPlan app. My bad, I didn't see it; however, I won't trust any application words about that

Re: Crypt data "on the fly"

On 06/02/2014 07:16 PM, Bzzz wrote: On Mon, 02 Jun 2014 19:01:17 +0200 Diogene Laerce wrote: I use crashplan and Im quite happy with them : very professional and they do offer that service. ;) Their website : https://www.code42.com/store/ From what I see, encryption is blowfish, which is

Re: Crypt data "on the fly"

On Mon, 02 Jun 2014 19:01:17 +0200 Diogene Laerce wrote: > I use crashplan and Im quite happy with them : very professional > and they do offer that service. ;) > > Their website : https://www.code42.com/store/ From what I see, encryption is blowfish, which is good; but they also keep your key

Re: Crypt data "on the fly"

On 06/02/2014 06:43 PM, Bzzz wrote: On Mon, 2 Jun 2014 18:32:30 +0200 "L.M.J" wrote: I sync my data to a cloud storage online service. I do NOT want to crypt my 60GB data at home, but I want them crypted on the cloud, so, when I rsync the data, I would like to send encrypted fi

Re: Crypt data "on the fly"

On Mon, 2 Jun 2014 09:53:38 -0700 (MST) "der.hans" wrote: > Am 02. Jun, 2014 schwätzte L.M.J so: > > moin moin, > > Would tahoe-lafs provide what you want? > > https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/about.rst Yeah, kinda Shamir's secret; this one rely on a bit too few serve

Re: Crypt data "on the fly"

to crypt my 60GB data at home, but I want them crypted on the cloud, so, when I rsync the data, I would like to send encrypted files on the fly. I want to have encrypted files, not rsync a 60GB encrypted partition. Any ideas ? Thanks -- # http://www.LuftHans.com/http

Re: Crypt data "on the fly"

On Mon, 2 Jun 2014 18:32:30 +0200 "L.M.J" wrote: > I sync my data to a cloud storage online service. I do NOT want > to crypt my 60GB data at home, but I want them crypted on the > cloud, so, when I rsync the data, I would like to send encrypted > files on the fly. I

Crypt data "on the fly"

Hi, This may be a nasty/bad idea, but I still ask : I sync my data to a cloud storage online service. I do NOT want to crypt my 60GB data at home, but I want them crypted on the cloud, so, when I rsync the data, I would like to send encrypted files on the fly. I want to have encrypted

Re: Crypt Folder

gt; I am looking for a en/de-crypting folder solution. I need to crypt a > > folder and de-crypt only for a session. I mean: when a user manually > > decrypts that folder it must remain crypted for other sessions of the > > same user (same login through SSH, for example) > > Why?

Re: Crypt Folder

On 12/16/2013 04:22 AM, Iker Bilbao wrote: I am looking for a en/de-crypting folder solution. I need to crypt a folder and de-crypt only for a session. I mean: when a user manually decrypts that folder it must remain crypted for other sessions of the same user (same login through SSH, for

Re: Crypt Folder

On 12/16/13, Iker Bilbao wrote: > Dear list ;-), > > I am looking for a en/de-crypting folder solution. I need to crypt a > folder and de-crypt only for a session. I mean: when a user manually > decrypts that folder it must remain crypted for other sessions of the > sam

Re: Crypt Folder

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/16/2013 01:22 PM, Iker Bilbao wrote: > > I am looking for a en/de-crypting folder solution. I need to crypt > a folder and de-crypt only for a session. I mean: when a user > manually decrypts that folder it must remain crypt

Re: Crypt Folder

On 12/16/13, Iker Bilbao wrote: > I am looking for a en/de-crypting folder solution. I need to crypt a > folder and de-crypt only for a session. I mean: when a user manually > decrypts that folder it must remain crypted for other sessions of the > same user (same login thro

Crypt Folder

Dear list ;-), I am looking for a en/de-crypting folder solution. I need to crypt a folder and de-crypt only for a session. I mean: when a user manually decrypts that folder it must remain crypted for other sessions of the same user (same login through SSH, for example) and any other users

Re: lvm2 on top of dm-crypt - how to add new hard disk

On Wed, Aug 21, 2013 at 12:19:40PM -0300, Luther Blissett wrote: > My initial guess was that it should be possible to extend this > encryption scheme to the new hard disk using standard lvm tools and the > unencrypted "open" disk as physical volume to the already existing > volume group. However, a

lvm2 on top of dm-crypt - how to add new hard disk

Hello folks, So I might better ask before attempting something stupid. I need to add a new hard drive to an encrypted debian box. The encryption scheme was set using debian installer defaults which resulted in just /dev/sda1 -> /boot outside block device encryption. Everything else is encrypted an

lvm2 on top of dm-crypt - how to add new hard disk

Hello folks, So I might better ask before attempting something stupid. I need to add a new hard drive to an encrypted debian box. The encryption scheme was set using debian installer defaults which resulted in just /dev/sda1 -> /boot outside block device encryption. Everything else is encrypted an

debian 6.0.7 amd64 raid0 lvm crypt - bootloader issue

crypt defaults with all installed onto same partition Using this setup /boot was created as primary partition under raid stripe Ie /dev/mapper/long-sata-raid-name1 All else is located in logical encrypted volume Ie /dev/mapper/long-sata-raid-name5 Start rescue mode and select /dev/my-volume-group

Re: Seeking advise on changing names of target in dm-crypt

On 2013-03-18 19:15, Philip Ashmore wrote: > I had a similar problem with "Where does the update-initramfs hook > get the kernel name from?" > http://lists.debian.org/debian-devel/2011/01/msg00796.html > > I just realised that I posted the solution - to myself. > > Here it is. >> According to t

Re: Seeking advise on changing names of target in dm-crypt

On 2013-03-18 17:44, Mr G wrote: > I just remembered that most filesystems allow you to set the UUID. So > you could just change the UUID to match the one it is expecting. Normally that should work. Problem here is that the system now tries to mount the same UUID twice. Anyway. I have given up an

Re: Seeking advise on changing names of target in dm-crypt

On 18/03/13 08:40, J.A. de Vries wrote: On 2013-03-18 03:03, green wrote: J.A. de Vries wrote at 2013-03-17 13:46 -0500: I have been messing around with fstab, crypttab, blkid.tab, grub and initramfs and every time a new dependency rears its ugly head. The system still keeps asking for the orig

Re: Seeking advise on changing names of target in dm-crypt

On 2013-03-18 03:03, green wrote: > J.A. de Vries wrote at 2013-03-17 13:46 -0500: >> I have been messing around with fstab, crypttab, blkid.tab, grub and >> initramfs and every time a new dependency rears its ugly head. The >> system still keeps asking for the original name of the partition with /

Re: Seeking advise on changing names of target in dm-crypt

J.A. de Vries wrote at 2013-03-17 13:46 -0500: > I have been messing around with fstab, crypttab, blkid.tab, grub and > initramfs and every time a new dependency rears its ugly head. The > system still keeps asking for the original name of the partition with / > on it. I am thinking of giving up an

Re: Seeking advise on changing names of target in dm-crypt

On 2013-02-20 07:14, Rick Thomas wrote: > Recently I've added a couple of disks to a system. All these disks > are encrypted using dm-crypt with the Luks extensions. The result is > working just fine, but now I have the old target names the installer > defined and the new ones

Re: Seeking advise on changing names of target in dm-crypt

On Feb 19, 2013, at 12:10 PM, J.A. de Vries wrote: On 2013-02-19 20:36, green wrote: I use LUKS and cryptsetup encryption, but not for the root filesystem. Probably fstab and crypttab are all that you need to change. Grub configuration is another possibility, but I am guessing that you have

Re: Seeking advise on changing names of target in dm-crypt

On 2013-02-19 20:36, green wrote: > I use LUKS and cryptsetup encryption, but not for the root > filesystem. Probably fstab and crypttab are all that you need to > change. Grub configuration is another possibility, but I am guessing > that you have a dedicated /boot partition and so no grub chang

Re: Seeking advise on changing names of target in dm-crypt

J.A. de Vries wrote at 2013-02-18 05:57 -0600: > I am thinking of changing the names of the targets in crypttab and > fstab. Are there other files I need to adjust? Any pitfalls I need to be > aware of? I am thinking especially of the target that contains /. I use LUKS and cryptsetup encryption, b

Seeking advise on changing names of target in dm-crypt

Hi list, Recently I've added a couple of disks to a system. All these disks are encrypted using dm-crypt with the Luks extensions. The result is working just fine, but now I have the old target names the installer defined and the new ones I added. Normally no biggie, but the names the inst

Re: [dm-crypt] Help needed please with luks volume

On 04/01/2012 09:09 PM, Bhasker C V wrote: > Hi all > > Sorry for the cross-list posting; I think this will help. > > I have a luks formatted volume and on debian this volume just stopped > working after a dist-upgrade > The error reported is as below > > > $ sudo cryptsetup luksOpen /dev/

Re: LUKS/ dm-crypt/ ext4 appears to be single threaded

On Mon, 19 Mar 2012, David Christensen wrote: > On 03/18/2012 06:50 PM, Henrique de Moraes Holschuh wrote: > >Just get a box with a supported very-high-speed AES hardware accelerator > >(e.g. recent amd64/x86-64 processors with AES-NI), and tune your dm-crypt > >usage t

Re: LUKS/ dm-crypt/ ext4 appears to be single threaded

On 03/18/2012 06:50 PM, Henrique de Moraes Holschuh wrote: Just get a box with a supported very-high-speed AES hardware accelerator (e.g. recent amd64/x86-64 processors with AES-NI), and tune your dm-crypt usage to cyphers that can be hardware accelerated. Yes, my next machine will have AES-NI

Re: LUKS/ dm-crypt/ ext4 appears to be single threaded

On Sun, 18 Mar 2012, David Christensen wrote: > with ext4. I've noticed what appears to be single-threaded behavior ... > Is this a fundamental limitation of LUKS, dm-crypt, and/or ext4, or > something I've configured/ misconfigured? It is a limitation of dm-crypt. Ju

LUKS/ dm-crypt/ ext4 appears to be single threaded

debian-user: I have a 1.5 TB SATA hard drive I use for back-up's. It has a single large partition encrypted with LUKS/ dm-crypt and formatted with ext4. I've noticed what appears to be single-threaded behavior when one process is performing a long-lived write to the disk (notably

Re: reduce crypt partition

Arno Schuring @ 11/27/2011 04:59 AM: > Advice: use fdisk -u. > [..] > Total sectors = 5119*8192 = 41934848 thank you!! i added an extra 5120 sectors just to be safe and used +41939968 in fdisk. all seems to be working well and i now have ~18G free space. i'm surprised and pleased it's so simpl

Re: reduce crypt partition

scar (s...@drigon.com on 2011-11-25 13:56 -0700): > i need a little help reducing my crypt partition. when i first > installed debian, i used a rather standard /boot on /dev/hda1 and > crypt on /dev/hda2, using LVM for the rest of the partitions. [..] > > $ sudo fdisk -l Advice: u

reduce crypt partition

i need a little help reducing my crypt partition. when i first installed debian, i used a rather standard /boot on /dev/hda1 and crypt on /dev/hda2, using LVM for the rest of the partitions. i've been following this[1] resize guide and i am at step 5, having already resized my logical LVM

Re: OTabsolutely: strength of dm-crypt

On Wed, 19 Oct 2011 02:21:39 +0700, Sthu Deus wrote: > Good time of the day. > > I apology for out of topic thread. > > Could You please point me to the links (I can not find the info through > google) that gives information or share Your own knowledge - on dm-crypt > stre

OTabsolutely: strength of dm-crypt

Good time of the day. I apology for out of topic thread. Could You please point me to the links (I can not find the info through google) that gives information or share Your own knowledge - on dm-crypt strength (time/iterations needed to brute force the pass phrase) depending on its pass phrase

Re: old unix crypt

T o n g wrote: > What's the current replacement for the old unix "crypt"? It depends upon what you mean by replacement. Do you want to decrypt previously encrypted files? Or do you want a currently best in class secure file encryption program? If the latter then 'gpg&#x

Re: old unix crypt

In , T o n g wrote: >What's the current replacement for the old unix "crypt"? I suggest the "makepasswd" package, which contains the useful "makepasswd" script. It can generate passwords, but it also has the functions of crypt; check

old unix crypt

Hi, What's the current replacement for the old unix "crypt"? mcrypt was intended to be the replacement, but "Please note that this package is buggy and unmaintained by the upstream authors". I hope openssl can do that, but I can't figure that out from openss

Re: crypt question/server hotel

the same thing.) I can crypt my partition/hdd's that contains the data. Ok. But: then my operating system will not be encrypted. Not Ok. Well, once booted, and if they have some kind of hardware access before you boot into your system, you are doomed. Because they can have backd

Re: crypt question/server hotel

such untrusted servers for the sensitive data. You can put measures to remote break-in etc. But whoever have local hysical access can get tou your data on the system. (I do not quite understand what kind of server arrangement ... virtualized or rack moiunted dedicated server... either way, i

Re: crypt question/server hotel

Jozsi Vadkan wrote: I want to put my server in a "server hotel". But: I don't trust my "server hotel owner". What can I do? I can crypt my partition/hdd's that contains the data. Ok. But: then my operating system will not be encrypted. Not Ok. If I crypt my o

crypt question/server hotel

I want to put my server in a "server hotel". But: I don't trust my "server hotel owner". What can I do? I can crypt my partition/hdd's that contains the data. Ok. But: then my operating system will not be encrypted. Not Ok. If I crypt my operating system too, th

Re: LVM+RAID+CRYPT

On Fri, 8 Jan 2010 11:49:35 -0700 Matthew Moore wrote: > On Friday January 8 2010 4:41:54 am Sjors van der Pluijm wrote: > > Just found out that /boot should not be in LVM because bootloaders might > > not understand it. /boot unencrypted does not seem to be the end of the > > world. http://tld

Re: LVM+RAID+CRYPT

On 1/8/2010 3:32 PM, Stan Hoeppner wrote: Ross Boylan put forth on 1/8/2010 1:53 PM: On Fri, 2010-01-08 at 05:26 -0600, Stan Hoeppner wrote: Never run encryption on swap. Doing so merely burdens performance. I doubt even NSA, CIA, MI6 encrypt swap partitions on workstations. I bet every t

Re: LVM+RAID+CRYPT

Ross Boylan put forth on 1/8/2010 1:53 PM: > On Fri, 2010-01-08 at 05:26 -0600, Stan Hoeppner wrote: >> >> Never run encryption on swap. Doing so merely burdens performance. I >> doubt >> even NSA, CIA, MI6 encrypt swap partitions on workstations. > This is completely contrary to the advice of t

Re: LVM+RAID+CRYPT

; > Carve out a logical volume for /. I wouldn't bother > encrypting this myself, personally. > > Carve out a logical volume for swap. I'd encrypt this with a > random key. mkswap the resulting block device. > > Carve out a logical volume for your main user's $HOME

Re: LVM+RAID+CRYPT

On Fri, 2010-01-08 at 05:26 -0600, Stan Hoeppner wrote: > > Never run encryption on swap. Doing so merely burdens performance. I > doubt > even NSA, CIA, MI6 encrypt swap partitions on workstations. This is completely contrary to the advice of the encryption folks. You MUST encrypt swap in orde

Re: LVM+RAID+CRYPT

In <4b47166d.8070...@hardwarefreak.com>, Stan Hoeppner wrote: >Sjors van der Pluijm put forth on 1/8/2010 5:13 AM: >> 3. Is it ok to have swap and /boot on an encrypted LVM? Swap is okay. Boot depends on your boot loader. I don't know if grub2 can handle this or not. >Never run encryption on s

Re: LVM+RAID+CRYPT

Matthew Moore put forth on 1/8/2010 12:49 PM: > Since we are being paranoid, what happens if the NSA breaks into your home > when you are asleep and installs a hypervisor on your /boot that records your > password/keyfile next time you derypt? Until now I had no reason for an IMAP folder labele

Re: LVM+RAID+CRYPT

On Friday January 8 2010 4:41:54 am Sjors van der Pluijm wrote: > Just found out that /boot should not be in LVM because bootloaders might > not understand it. /boot unencrypted does not seem to be the end of the > world. http://tldp.org/HOWTO/LVM-HOWTO/benefitsoflvmsmall.html Since we are being

Re: LVM+RAID+CRYPT

ey. mkswap the resulting block device. Carve out a logical volume for your main user's $HOME. I'd encrypt this with a passphrase of your choosing. I'd use the LUKS settings as your encryption parameters, via device mapper 'dm-crypt'. Stick an ext3 filesystem on top o

Re: LVM+RAID+CRYPT

2010/1/8 Γιώργος Πάλλας : > Stan Hoeppner wrote: >> >> Sjors van der Pluijm put forth on 1/8/2010 5:13 AM: >> >> >>> >>> 3. Is it ok to have swap and /boot on an encrypted LVM? >>> >> >> Never run encryption on swap.  Doing so merely burdens performance.  I >> doubt >> even NSA, CIA, MI6 encrypt sw

  1   2   3   >