---------- Forwarded message ----------
From: Daniel Jitnah <djitnah@greenwareit.com.au>
Date: 23 April 2015 at 11:56
Subject: Re: In-place online encryption
To: Noah O'Donoghue <noah.odonoghue@gmail.com>


Of course please CC.. I did not realise I only replied to you!

Cheers
Daniel

On 23/04/15 11:45, Noah O'Donoghue wrote:
> Well, the use case does vary between machines,
>
> One use-case agnostic reason is because if you don't encrypt your root,
> someone can modify your binaries in ways you might not notice;
>
> For example, downgrade packages to a version that is vulnerable to an
> exploit, add backdoors, add applications that can leak your key, etc, etc.
>
> Another reason is sometimes I chain my encryption, for example I'll have
> a keyfile that is stored on my root partition unlock all the other
> partitions, to save me from remembering a passphrase per drive, instead
> I only need to remember one.
>
> But in general, It would be good to be able to live-encrypt my data
> holding partitions too. If I want to encrypt my 8TB drive array for
> example, I don't want it to be offline for 4-5 days in the process...
>
> Do you mind if I CC this to the list?
>
> On 23 April 2015 at 11:34, Daniel Jitnah <djitnah@greenwareit.com.au
> <mailto:djitnah@greenwareit.com.au>> wrote:
>
>     Hi Noah,
>
>     I am just curious as to why you would want to encrypt the whole root
>     partition?  Would you want to encrypt only home folder or other data
>     holding folder?
>
>     Daniel.
>
>     On 23/04/15 08:36, Noah O'Donoghue wrote:
>     > Hey all,
>     >
>     > I have a few cases where I'd like to encrypt without taking the system
>     > down for extended periods, ie, servers.
>     >
>     > In the windows/apple world truecrypt / bitlocker / filevault will all
>     > let you encrypt the root partition as a background process,
>     throttled to
>     > a low IO load. Usually this requires a reboot to get started, then
>     runs
>     > in the background.
>     >
>     > Does anyone know how to achieve this in the Linux world? (preferably
>     > with luks)
>     >
>     > -Noah
>     >
>     >
>     > _______________________________________________
>     > luv-main mailing list
>     > luv-main@luv.asn.au <mailto:luv-main@luv.asn.au>
>     > http://lists.luv.asn.au/listinfo/luv-main
>     >
>
>