Quote:
Originally Posted by brobr
Could one cover these scenarios with a LVM + LUKS set up?
|
Quote:
2) on a set-up where / is divided over several discs/partitions (say to prevent /tmp or /var/log overflowing the disc-space or to keep them separate on the data hdd and away from the SSD that contains the rest of the distribution)
|
You can slice & dice the disks/partitions/volumes
almost anyway you want regarding encryption. I have some encrypted systems with only 3 partitions (root boot & swap) and one fully encrypted server that has a dozen different file systems mounted. Some systems have hard disks, some SSD, and some both. Most have RAID.
I've previously used LVM with encryption but I'm not currently using LVM so I may have forgotten some important LVM limitations regarding encryption.
Quote:
4) in the case of very large data-files (>10 GB) that are analysed by means of a couple of python-scripts, would encryption markedly slow this down (say on a i7 processor that has aes built in and with 16GB RAM available) or not?
|
Speed/Performance is, of course, relative. On my daily use system I have a 45GB file (in an encrypted partition) that acts as the complete file system for MSWIN7 in VirtualBox. The disk access performance is fine for me for programs I run interactively on it. (Note that 45GB is tight. I should have bought a larger SSD to accommodate a larger VirtualBox "disk".) The main performance hit is not the encryption, but in using a file that pretends to be a file system.
I usually suggest that people test their application & measure the performance for themselves instead of guessing. I think that you'll find that performance loss due to encryption/decryption for most applications is barely measurable.
Quote:
5) would using described disc-encryption make things easier when one has been using TrueCrypt before (and ending up deleting all these sections because access failed for some reason or another)
|
I don't have any experience with TrueCrypt so I can't compare with LUKS. For my limited use of computers (half of which run 24/7), I've not had any problems with LUKS encryption. {typing quietly so the nearby computers don't notice}
With LUKS you need to backup the LUKS Header in case the originals become corrupted. You can assure that you will
never be able to access data on a LUKS encrypted disk by just simply "overwriting header and key-slot area" (from cryptsetup man page). I also store
decrypted backups of the data in multiple bank safe deposit boxes.
It's funny that I used to do just the opposite. A couple of decades ago, before all this Internet hocus pocus, the locally-accessed server disk files were unencrypted but the offsite storage backup tapes in locked & security sealed metal cases were encrypted.
-----------
It's easy to experiment. Just create one or more expendable partitions, secure with LUKS, add filesystems/volumes and experiment. Deal with full system encryption later.