[SATLUG] LUKS encrypting logical volumes on Debian Lenny Server

Chris Lemire good_bye300 at yahoo.com
Thu May 1 02:19:56 CDT 2008



"Daniel J. Givens" <daniel at rugmonster.org> wrote: Chris Lemire wrote:
> There's a problem with having LUKS to encrypt everything on the hard drive witch is all in Logical Volume Management. Each time it reboots, it asks for the paraphrase. It would be nice if I could send it the encryption paraphrase over a network connection. What is normally done about this? My server doesn't go down anymore because it has way more cooling than it needs. You guys got to see some picture later that I'll post of this home built heavily modded monster Linux sky scraper. But what if I need to reboot to have the filesystem relabled by SELinux because I changed the Policy Type, or because I want to upgrade to a newer kernel? I have to leave right now. Thanks in advanced.

You could use a USB flash drive as a 'key' of sorts. Of course, if you 
leave that unattended, you've left the keys to the castle, so to speak. 
The whole point of disk encryption is to make it so the data isn't 
easily accessible. If someone could simply turn the box on and the 
system comes up with the encrypted volume mounted, what would be the 
point? 


I didn't know I could use keys instead of the encryption paraphrase. Can I have it read keys over a network from another computer?


How likely is it that someone is going to come into your place 
and steal just the disk. And if you're concerned about law enforcement, 
they're going to take the whole kit.
No, I just do this because I can like all the other stuff I do for Linux. It's fun to me. Who knows why?


Christopher Lemire <christopher.lemire at gmail.com>

SKYPE:	fakie_flip
AIM:	good bye300
IRC:	linux_user400354
LQ FORUMS AND YIM: fakie_flip
GTALK, JABBER AND MSN: recursivequicksort at jabber.org
       
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile.  Try it now.


More information about the SATLUG mailing list