| View previous topic :: View next topic |
| Author |
Message |
Strowi
l33t
Joined: 19 Aug 2003
Posts: 656
Location: Bonn
|
 Posted: Fri Jun 23, 2006 10:14 am Post subject: hardware raid1 encryption? |
 |
|
hi,
i just spend some mony on a 2nd harddrive (both Samsung 200GB SATA2) to build a raid1.
I figured for security reasons to encrypt the raid1. I guess i will get that working with some help of the documentations, but i got still a problem understanding the encryption on raid-systems.
As far as i understood, the de-/encryption information is stored in different sectors of the harddisk. if i crypt a normal hdd, and those sectors get screwed, it's lost. How about a hardware raid1.. if i encrypt /dev/md0, and one hdd fails, will it still work?
I know raid1 mirrors the date, but does it also mirror the encryption information or are those stored somewhere else?
Another question that just appeared is: is it possible to store the passphrase on an usb-stick so that I would plug in the key can mount the harddisk like any other disk without entering the password?
hopefuly someone can shed some light on this for me...
_________________
--
Linux & such ...
http://blog.hasnoname.de |
|
| Back to top |
|
 |
occ
Apprentice
Joined: 06 May 2005
Posts: 202
|
| Posted: Fri Jun 23, 2006 12:09 pm Post subject: |
|
|
I never actually tried it... but
a crypto-loop encrypted fs is a 'file'. it should be oblivious to the fact that there is a raid1 behind the scene.
so
| Quote: |
if i crypt a normal hdd, and those sectors get screwed, it's lost. How about a hardware raid1.. if i encrypt /dev/md0, and one hdd fails, will it still work?
|
the answer is whether that 'sector' (which is just a piece of a file) contain encryption info or other data is irrelevant, it is mirrored in a raid1 confiuration, so if you 'loose' one disk you should still be able to mount your crypto-loop filesystem.... |
|
| Back to top |
|
|
Strowi
l33t
Joined: 19 Aug 2003
Posts: 656
Location: Bonn
|
| Posted: Fri Jun 23, 2006 12:14 pm Post subject: |
|
|
thx for clarifying this. I thought this way myself, but then again i wasn't sure if it would encrypt the raid as a whole disk, or only one of them and mirror it then... which seemed a little more obvious, but since it's ~100GB of data, i'd better be sure of that.
thx!
_________________
--
Linux & such ...
http://blog.hasnoname.de |
|
| Back to top |
|
|
P3SM
Tux's lil' helper
Joined: 13 Apr 2006
Posts: 93
Location: Gronsveld - The Netherlands
|
| Posted: Fri Jun 23, 2006 12:18 pm Post subject: |
|
|
If you use mirroring all data written to the first disk is synced with the second disk. That means it is only encrypted once and written twice. Your second disk is a full copy of the first, meaning that you should still be able to access the data on the second disk when the first one is damaged.
_________________
Smaug: Sun Netra T1 105, UltraSPARC-IIi 440MHz, 512MB, 2*36GB 10kRPM; 2 Sun Netra D130: 6*36GB 10kRPM, swraid 0
Haku: Dual P3 Xeon 500MHz, 512MB; Sun Multipack: 12*18GB 10kRPM, hwraid 5
Falkor: Sun SparcStation LX, 128 MB, 2.1GB |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Other Things Gentoo
