LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   Like truecrypt but better protected against drive failures (https://www.linuxquestions.org/questions/linux-general-1/like-truecrypt-but-better-protected-against-drive-failures-4175438537/)

Ulysses_ 11-24-2012 07:59 AM
Like truecrypt but better protected against drive failures
 
Somewhere I read that with truecrypt containers if the physical drive develops a fault you lose too much data. Maybe they meant the entire container is invalidated or something like that. What exactly might be the issue with truecrypt containers?

What are some alternative file encryption solutions that offer more recovery in case of failure or are better protected against partial failure like bad sectors? Would rather not buy a second drive to do raid-1.

NyteOwl 11-24-2012 03:02 PM
In the case of unencrypted data if the sector occurs in a file you may be able to recover some of the file, or at most lose one file. If it occurs in a large encrypted container, you lose the whole container as there is no way to determine what the missing data is and what the good data is.

If you have a hardware failure of some sort, including an unrelocatable bad sector, you can say goodbye to any data that relies on that sector. This is true regardless of the encryption system in use be it Truecrypt, LUKS, Bitlocker(WIn), etc. or a hardware encrypted device.

If you use encryption either on volumes/containers or full partitions/drives you need to keep good backups and RAID 1 or above is highly recommended to reduce downtime.

Ulysses_ 11-24-2012 03:20 PM
Then a bad sector can destroy all files in a container, but only one file in unencrypted format.
Since a second drive is not wanted, can't raid-1 be made out of two partitions on the same disk, or two containers on the same partition?

Truecrypt must have a solution to this problem of their software.

TobiSGD 11-24-2012 03:30 PM
RAID-1 is not meant to protect your data, its sole purpose is to minimize downtime. A RAID-1 over two partitions on the same disk is possible, but will not protect you against drive failure and at the same time can't give you what it is designed for.
If you want to always have a good copy of your valuable data invest time and money in a good backup plan instead.

ntubski 11-24-2012 04:04 PM
Quote:
Originally Posted by NyteOwl (Post 4836199)
In the case of unencrypted data if the sector occurs in a file you may be able to recover some of the file, or at most lose one file. If it occurs in a large encrypted container, you lose the whole container as there is no way to determine what the missing data is and what the good data is.
I don't believe this is the case. You can still decrypt the uncorrupted parts.

Ulysses_ 11-24-2012 04:28 PM
What I have seen is that hard drives get bad sectors towards the end of their life, they do not die instantly. So raid-1 between partitions on the same disk seems useful for bad sectors. How is it done?

TobiSGD 11-24-2012 04:55 PM
If you can live with the massive performance impact and the reduced lifetime due to massive increase in head movements just use mdadm to create a software RAID-1 over those two partitions.


All times are GMT -5. The time now is 08:09 PM.