---------- Forwarded message ----------
From:
Daniel Jitnah <djitnah@greenwareit.com.au>Date: 23 April 2015 at 11:56
Subject: Re: In-place online encryption
To: Noah O'Donoghue <
noah.odonoghue@gmail.com>
Of course please CC.. I did not realise I only replied to you!
Cheers
Daniel
On 23/04/15 11:45, Noah O'Donoghue wrote:
> Well, the use case does vary between machines,
>
> One use-case agnostic reason is because if you don't encrypt your root,
> someone can modify your binaries in ways you might not notice;
>
> For example, downgrade packages to a version that is vulnerable to an
> exploit, add backdoors, add applications that can leak your key, etc, etc.
>
> Another reason is sometimes I chain my encryption, for example I'll have
> a keyfile that is stored on my root partition unlock all the other
> partitions, to save me from remembering a passphrase per drive, instead
> I only need to remember one.
>
> But in general, It would be good to be able to live-encrypt my data
> holding partitions too. If I want to encrypt my 8TB drive array for
> example, I don't want it to be offline for 4-5 days in the process...
>
> Do you mind if I CC this to the list?
>
> On 23 April 2015 at 11:34, Daniel Jitnah <djitnah@greenwareit.com.au
> <mailto:djitnah@greenwareit.com.au>> wrote:
>
> Hi Noah,
>
> I am just curious as to why you would want to encrypt the whole root
> partition? Would you want to encrypt only home folder or other data
> holding folder?
>
> Daniel.
>
> On 23/04/15 08:36, Noah O'Donoghue wrote:
> > Hey all,
> >
> > I have a few cases where I'd like to encrypt without taking the system
> > down for extended periods, ie, servers.
> >
> > In the windows/apple world truecrypt / bitlocker / filevault will all
> > let you encrypt the root partition as a background process,
> throttled to
> > a low IO load. Usually this requires a reboot to get started, then
> runs
> > in the background.
> >
> > Does anyone know how to achieve this in the Linux world? (preferably
> > with luks)
> >
> > -Noah
> >
> >
> > _______________________________________________
> > luv-main mailing list
> >
luv-main@luv.asn.au <mailto:
luv-main@luv.asn.au>
> >
http://lists.luv.asn.au/listinfo/luv-main
> >
>
>