---------- Forwarded message ---------- From: Daniel Jitnah <[email protected]> Date: 23 April 2015 at 11:56 Subject: Re: In-place online encryption To: Noah O'Donoghue <[email protected]>
Of course please CC.. I did not realise I only replied to you! Cheers Daniel On 23/04/15 11:45, Noah O'Donoghue wrote: > Well, the use case does vary between machines, > > One use-case agnostic reason is because if you don't encrypt your root, > someone can modify your binaries in ways you might not notice; > > For example, downgrade packages to a version that is vulnerable to an > exploit, add backdoors, add applications that can leak your key, etc, etc. > > Another reason is sometimes I chain my encryption, for example I'll have > a keyfile that is stored on my root partition unlock all the other > partitions, to save me from remembering a passphrase per drive, instead > I only need to remember one. > > But in general, It would be good to be able to live-encrypt my data > holding partitions too. If I want to encrypt my 8TB drive array for > example, I don't want it to be offline for 4-5 days in the process... > > Do you mind if I CC this to the list? > > On 23 April 2015 at 11:34, Daniel Jitnah <[email protected] > <mailto:[email protected]>> wrote: > > Hi Noah, > > I am just curious as to why you would want to encrypt the whole root > partition? Would you want to encrypt only home folder or other data > holding folder? > > Daniel. > > On 23/04/15 08:36, Noah O'Donoghue wrote: > > Hey all, > > > > I have a few cases where I'd like to encrypt without taking the system > > down for extended periods, ie, servers. > > > > In the windows/apple world truecrypt / bitlocker / filevault will all > > let you encrypt the root partition as a background process, > throttled to > > a low IO load. Usually this requires a reboot to get started, then > runs > > in the background. > > > > Does anyone know how to achieve this in the Linux world? (preferably > > with luks) > > > > -Noah > > > > > > _______________________________________________ > > luv-main mailing list > > [email protected] <mailto:[email protected]> > > http://lists.luv.asn.au/listinfo/luv-main > > > >
_______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
