Re: Advice on encryption of external disk

To: Florent Peterschmitt <florent@peterschmitt.fr>
Cc: debian-user <debian-user@lists.debian.org>
Subject: Re: Advice on encryption of external disk
From: Celejar <celejar@gmail.com>
Date: Wed, 4 Feb 2015 13:52:24 -0500
Message-id: <[🔎] 20150204135224.bf6315cb36e4961f12af34a0@gmail.com>
In-reply-to: <[🔎] 54D23C70.3060208@peterschmitt.fr>
References: <[🔎] 20150204082043.a80fbcb111ca2a4d4b833c12@gmail.com> <[🔎] 54D23C70.3060208@peterschmitt.fr>

On Wed, 04 Feb 2015 16:36:16 +0100
Florent Peterschmitt <florent@peterschmitt.fr> wrote:

> On 02/04/2015 02:20 PM, Celejar wrote:
> > Hi,
> > 
> > I am preparing a USB external HDD for use with my T61 ThinkPad (Core 2
> > Duo CPU T7300 @ 2.00GHz). The disk will fulfill two, very different
> > functions: general backup for files (mail, documents, etc.) via
> > rsnapshot (rsync type backup), and overflow storage for my full main
> > HDD ("big" files such as media: audio, video, PDFs).
> > 
> > For the backups, I need encryption; the media storage doesn't require
> > it. Currently, I use different partitions on my external disks: plain
> > for storage, and encrypted (dmcrypt / LUKS) for the backups (and
> > storage of sensitive information). This obviously adds complexity, so
> > I'm thinking of going to one encrypted partition for everything. The
> > obvious possible downside is performance: everything I read indicates
> > that there is a significant hit, even on modern hardware, but I don't
> > really know if it's current, accurate, or relevant to my use case.
> > 
> > What would the experts recommend: one partition for everything for
> > simplicity, or separate ones for a possible performance advantage?
> > 
> > Celejar
> > 
> > 
> 
> Hello,
> 
> Personaly, I use full encryption and each partition is on a logical
> volume, with LVM physical volume encrypted.

That's what I do with the laptop's main drive - set up a luks
partition, put LVM on it, and put /home, /usr and so on on LVM.

> Say I have /dev/sda2 of 100GB, it is encrypted with luks.
> 
> I open this luks volume and setup LVM with pvcreate on
> /dev/mapper/luks_sda2, then create my LV.
> 
> About performance downside, if you have a recent processor with aesni
> instructions (for intel, dunno for AMD but they have the same feature
> too), the Linux kernel does have a module to handle hardware encryption,
> which speeds up the job.
> 
> 
> But, in both cases (with or without instructions), you will not really
> notice any difference even with a quite old processor, like core i2. You
> may find it a little slower at machine's first boot. If we speak about
> Desktop computers. Never tried to setup encryption on loaded servers.

Thanks for the information.

> Also, I dont really understand why you want to do "half encryption".
> Only backups and not other things? Sounds strange to me.
> 
> But you're free to do so of course.

The media are things like music, videos and PDFs, which are mostly
stuff I've downloaded from the internet (or uploaded there). The stuff
is publicly available - why bother encrypting it? Of course, my
personal stuff is all encrypted.

Celejar

Reply to:

References:
- Advice on encryption of external disk
  - From: Celejar <celejar@gmail.com>
- Re: Advice on encryption of external disk
  - From: Florent Peterschmitt <florent@peterschmitt.fr>

Prev by Date: Re: Anti-spam recommendations
Next by Date: Re: Advice on encryption of external disk
Previous by thread: Re: Advice on encryption of external disk
Next by thread: Re: Need SATA controller for 4TB internal drives
Index(es):
- Date
- Thread