Re: Trouble with encrypted filesystems
On Tue, Feb 06, 2007 at 09:23:57 +0100, Dan H. wrote:
> Florian Kulzer wrote:
>
> > With your kernel version and udev, hal, dbus + pmount it should be
> > possible to just plug in the drive, wait a few seconds until udev
> > creates the device node and mount it normally with pmount (it will ask
> > for the passphrase). This requires that you use LUKS and device mapper,
> > which is, I think, the recommended way nowadays, especially since it is
> > fully integrated into cryptsetup (starting with Etch).
>
> Thanks for your answer. Some googling revealed that this is known
> trouble caused (or co-caused) by kjournald, and renicing kjournald from
> -5 to 0 "solves" the problem. Don't ask me why.
It is nice that we have the solution now in the archives, (hopefully)
easy to find for everyone. Thanks for following up on this.
> I'm using the cryptmount package to access the disk. Is there something
> inherently better with pmount, LUKS, and cryptsetup?
The main advantage of pmount is that it allows all members of the
"plugdev" group to mount pluggable devices. This eliminates the need to
add entries for pluggable devices to /etc/fstab. Since I use pmount
anyway I like the fact that it automatically recognizes LUKS partitions
and asks for the passphrase.
The main advantage of using LUKS is, AFAIK, that it allows you to change
your passphrase without having to re-encrypt all your data (while still
being "safe"). I do not know cryptmount well enough to compare it in
detail to cryptsetup; from the package description I get the feeling
that cryptmount has very similar features, except for LUKS support.
(Maybe it has another mechanism to achieve the same thing, though.)
--
Regards,
Florian
Reply to: