how safe is encryption with loop in regard to fs-errors?

[Sujao]

Hi all,

I am going to encrypt all my hdds (or at least try ). I looked over some HOWTOs and almost all use encrypted loop devices. After thinking about it I wondered how safe this is considering that all your system is ONLY ONE file. Isnt this dangerous in the regard that if there is a single error in the file system layer your whole system is broken? I am not sure if I am thinking correctly.

In short: If you look at a encrypted filesystem...do you see only ONE signle file? Isnt this error-prone?

In case that is so: What are the alternatives?

[echto]

When you refer to one file your referring to systems that use one partition. You'll encrypt each partition and mount each partition just like one would mount a non-encrypted partition. When booting an encrypted system you may still check the file systems during the boot process for errors just like a non-encrypted system. 'Encrypted' doesn't necessarily create a sence of 'volatility'.

[Sujao]

But isnt the partition image saved as one single file in the filesystem. Lets say my root partition is 130GB. Wouldnt XFS just see a huge 130GB file?

[neuron]

[Sujao]

What about encryption with a device mapper as descriped here? Is it one single file here too? I still wasnt able to understand if the file-system (in my case XFS) stayes unencrypted and saves the files in the usual manner just that they are all encrypted but you can still see the files or if there is a abstract encrypted data image that is written to the hdd containing the whole fs and its data. Where is the border, where does encryption start?

[neuron]

[Sujao]

Thx for the explanation. Do you use some kind of encrypted fs, too?

[neuron]