Fwd: In-place online encryption

---------- Forwarded message ----------
From: Daniel Jitnah <djitnah@greenwareit.com.au>
Date: 23 April 2015 at 11:56
Subject: Re: In-place online encryption
To: Noah O'Donoghue <noah.odonoghue@gmail.com>

Of course, please CC. I did not realise I only replied to you!

Cheers
Daniel

On 23/04/15 11:45, Noah O'Donoghue wrote:
Well, the use case does vary between machines.
One use-case-agnostic reason is that if you don't encrypt your root, someone can modify your binaries in ways you might not notice;
for example, downgrade packages to a version that is vulnerable to an exploit, add backdoors, add applications that can leak your key, etc, etc.
Another reason is that sometimes I chain my encryption; for example, I'll have a keyfile that is stored on my root partition unlock all the other partitions, to save me from remembering a passphrase per drive. Instead I only need to remember one.
But in general, it would be good to be able to live-encrypt my data-holding partitions too. If I want to encrypt my 8TB drive array, for example, I don't want it to be offline for 4-5 days in the process...
Do you mind if I CC this to the list?
On 23 April 2015 at 11:34, Daniel Jitnah <djitnah@greenwareit.com.au> wrote:
Hi Noah,
I am just curious as to why you would want to encrypt the whole root partition? Would you want to encrypt only the home folder or other data-holding folder?
Daniel.
On 23/04/15 08:36, Noah O'Donoghue wrote:
> Hey all,
>
> I have a few cases where I'd like to encrypt without taking the system
> down for extended periods, i.e., servers.
>
> In the Windows/Apple world TrueCrypt / BitLocker / FileVault will all
> let you encrypt the root partition as a background process, throttled to
> a low IO load. Usually this requires a reboot to get started, then runs
> in the background.
>
> Does anyone know how to achieve this in the Linux world? (preferably
> with LUKS)
>
> -Noah