LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
Reload this Page Encrypted partitions (LUKS) or loopback files (cryptmount)?
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 04-11-2011, 04:34 AM   #1
lucmove
Senior Member
 
Registered: Aug 2005
Location: Brazil
Distribution: Debian
Posts: 1,433

Rep: Reputation: 110Reputation: 110
Encrypted partitions (LUKS) or loopback files (cryptmount)?

Conundrum:

I've had two large, 100 GB LUKS encrypted partitions for a few years. Both are backed up to an external HD with partitions that mirror those in my computer. This arrangement has worked pretty well for years.

These two LUKS encrypted partitions are on the same disk and they are split in two for historical reasons. I used to have 2 80 GB hard disks, now I have one 320 GB hard disk. The current organization in two partitions reflects the old organization, in two disks. I could change that now, but I have other questions on my mind.

I just ran into something called cryptmount. It is interesting. It can encrypt partitions as well, or it can create loopback files with file systems in them. Encrypted file systems, of course. So now I am thinking:

- Should I merge those two large LUKS partitions into one? On the one hand, having them split seems more manageable in some circumstances, e.g. I could save them in multiple smaller disks if necessary. On the other hand, there could be situations when I need to store something very large which won't fit in the free space of either partition, although it would fit in the sum of the free space on both partitions.

- Should I migrate all my data to smaller cryptmount volumes? AGAIN: On the one hand, having them split seems more manageable in some circumstances, e.g. I could save them in multiple smaller disks/partitions if necessary. On the other hand, there could be situations when I need to store something very large which won't fit in the free space of any single partition, although it would fit in the sum of the free space on all partitions.

- At least one directory has been converted to cryptmount because of on-line backups. I change or add content to that directory very often and it is so important that local backups aren't enough, I feel better having a couple of copies "in the cloud" as well. I used to tar.gz the directory, encrypt it with GPG and send it to two remote locations, but my Internet connection is too slow. It always takes too long. Now I see that rsync will update that data VERY fast with the --no-whole-file option if it is a cryptmount volume. I am not sure that trick will work well with a GPG encrypted tar.gz ball, I suppose GPG+tar.gz will result in too many changes that will force rsync to update much bigger chunks of data.

- So cryptmount loopback files work very well for this kind of remote backup, but should I migrate my 2 large LUKS partitions to cryptmount files? Why? Why not?

- Another thing to consider is that LUKS partitions have the key contained in themselves, whereas cryptmount files require a key in a separate file. I am not sure I like that, sounds like a liability to me. I will have to protect those keys both from attacks and from being lost. How? Keep them in a LUKS partition? Erm, that kind of defeats the whole purpose of replacing LUKS partitions, doesn't it?

Any thoughts, please?
Last edited by lucmove; 04-11-2011 at 04:36 AM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot write to LUKS encrypted hard drive Nemesissparadise Linux - Software 3 04-04-2011 04:02 PM
Problem with Encrypted Partition using LUKS on Debian michalng Debian 1 03-18-2011 03:04 PM
Recover encrypted LUKS partition itinlopez Linux - General 3 11-30-2008 02:20 AM
LXer: Create Encrypted Volumes With Cryptmount and Linux LXer Syndicated Linux News 0 04-24-2008 02:50 PM
mount luks encrypted partition with kdm mattydee Slackware 2 01-28-2008 12:32 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:44 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration