[SATLUG] LUKS encrypting logical volumes on Debian Lenny Server

Daniel J. Givens daniel at rugmonster.org
Wed Apr 30 13:12:47 CDT 2008


Chris Lemire wrote:
> There's a problem with having LUKS to encrypt everything on the hard drive witch is all in Logical Volume Management. Each time it reboots, it asks for the paraphrase. It would be nice if I could send it the encryption paraphrase over a network connection. What is normally done about this? My server doesn't go down anymore because it has way more cooling than it needs. You guys got to see some picture later that I'll post of this home built heavily modded monster Linux sky scraper. But what if I need to reboot to have the filesystem relabled by SELinux because I changed the Policy Type, or because I want to upgrade to a newer kernel? I have to leave right now. Thanks in advanced.

You could use a USB flash drive as a 'key' of sorts. Of course, if you 
leave that unattended, you've left the keys to the castle, so to speak. 
The whole point of disk encryption is to make it so the data isn't 
easily accessible. If someone could simply turn the box on and the 
system comes up with the encrypted volume mounted, what would be the 
point? How likely is it that someone is going to come into your place 
and steal just the disk. And if you're concerned about law enforcement, 
they're going to take the whole kit.

Security and convenience are inversely related. Anytime you increase 
security, you're going to lose some level of convenience and vice versa.


Daniel


More information about the SATLUG mailing list