[Cialug] Encrypted Disk / Partition

Zachary Kotlarek zach at kotlarek.com
Sun Sep 19 00:43:58 CDT 2010


On Sep 18, 2010, at 8:14 PM, Todd Walton wrote:

> What's the going method for encrypted disks in Linux these days?
> 
> dm-crypt?


As far as pure-kernel encryption goes, dm-crypt is basically it. Even TrueCrypt (6 and later) uses dm-crypt behind the scenes; it just does its own key management. There are other options if you use FUSE. There are a few other options -- like eCryptfs -- if you're looking for file-level rather than block-level automatic encryption, but they're not as widely supported.

dm-crypt with LUKS is well supported and reasonably fast, though it is not multi-threaded within a single target (it is threaded per target) so you'll likely end up with 1 core pegged under high I/O, which gets me ~100 MBps on an E5520 @ 2.27GHz.

Many distros now have built-in support for dm-crypt/LUKS, sometimes including an encrypted root (though obviously the kernel needs to be available in plain text); if you don't want to muck with your init scripts or build a custom initramdisk you should definitely use the built-in tools. If you do your own boot scripts I have an example at:
	http://zinux.cynicbytrade.com/svn/devel/cryptsetup/files/

	Zach
