[SATLUG] LUKS encrypting logical volumes on Debian Lenny Server
Daniel J. Givens
daniel at rugmonster.org
Wed Apr 30 13:12:47 CDT 2008
Chris Lemire wrote:
> There's a problem with having LUKS to encrypt everything on the hard drive witch is all in Logical Volume Management. Each time it reboots, it asks for the paraphrase. It would be nice if I could send it the encryption paraphrase over a network connection. What is normally done about this? My server doesn't go down anymore because it has way more cooling than it needs. You guys got to see some picture later that I'll post of this home built heavily modded monster Linux sky scraper. But what if I need to reboot to have the filesystem relabled by SELinux because I changed the Policy Type, or because I want to upgrade to a newer kernel? I have to leave right now. Thanks in advanced.
You could use a USB flash drive as a 'key' of sorts. Of course, if you
leave that unattended, you've left the keys to the castle, so to speak.
The whole point of disk encryption is to make it so the data isn't
easily accessible. If someone could simply turn the box on and the
system comes up with the encrypted volume mounted, what would be the
point? How likely is it that someone is going to come into your place
and steal just the disk. And if you're concerned about law enforcement,
they're going to take the whole kit.
Security and convenience are inversely related. Anytime you increase
security, you're going to lose some level of convenience and vice versa.
More information about the SATLUG