Disk encryption questions

In an effort to secure my system without degrading performance too much, I've
created an encrypted disk, then moved various directories onto that disk,
with softlinks from the original disk to there. So, for example, I have
stuff like this:

  /home -> /crypted/home
  /var/mail -> /crypted/var/mail

My question is... is that safe to do? Does the link compromise inode
information about the encrypted disk, for instance? I've never seen anyone
mentioning this, but I don't think I've heard anything against it either, and
it's a nice solution to implement.

Also, currently, this encrypted disk asks for a password at boot time (I'm
using loop-aes), and simply doesn't mount if the password is wrong. Is there
some way to make the system fail to boot if loop-aes's password validation
fails? Or, at least, how do I stop files being written under the mount point,
if it's not actually mounted? Can I just fully write-protect the mount
point, and then have that overridden when a disk is mounted on top?

Finally, I'm using loop-aes because I read that dm-crypt has vulnerabilities
over loop, and loop-aes is superior. Is that still the case?

Thanks
--
Lee.
Please do not CC replies directly to me. I'll read them on the list.
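
An added example, not part of the original post: one way a boot or service-start script could confirm that the encrypted volume is really mounted, and that the symlinked directories resolve inside it, before anything writes there. The function names, the MOUNTS_FILE override and the exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse to proceed when the encrypted volume is not mounted,
# so nothing is written into the bare directory under the mount point.

# Assumption: mount table in /proc/mounts format; overridable for testing.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# is_mounted DIR: succeed only if DIR appears as a mount point.
# Field 2 of each /proc/mounts line is the mount point
# (spaces in paths are written there as \040).
is_mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# link_inside LINK ROOT: succeed only if LINK is a symlink whose
# absolute target lies under ROOT (e.g. /home -> /crypted/home).
link_inside() {
    [ -L "$1" ] || return 1
    target=$(readlink "$1") || return 1
    case "$target" in
        "$2"/*) return 0 ;;
        *)      return 1 ;;
    esac
}

# check_crypted ROOT LINK...
# Returns 0 if ROOT is mounted and every LINK points into it,
# 1 if ROOT is not mounted, 2 if a LINK points somewhere else.
check_crypted() {
    root=$1
    shift
    is_mounted "$root" || { echo "$root is not mounted" >&2; return 1; }
    for link in "$@"; do
        link_inside "$link" "$root" || {
            echo "$link does not point into $root" >&2
            return 2
        }
    done
    return 0
}

# Typical use in a start-up script (paths taken from the post):
#   check_crypted /crypted /home /var/mail || exit 1
```
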