Re: Planning for Disk Encryption
Additionally using RAID 1 comes into mind. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/518b9e10.5080...@online.de
Re: Planning for Disk Encryption
On Thu, 02 May 2013 09:19:32 +0200, tv.deb...@googlemail.com wrote: So, what would you plan for normal home users on disk failure for Disk Encryption? How to cope with it? Hi, I guess what you are referring to can happen if you get bad sectors where the luks header resides. This is a single point of failure in luks whole disk encryption, to plan for this you must have current backups (but most likely on another encrypted media, so there is always a tiny probability that this is going to happen there too), and backup the luks headers (see command cryptsetup luksHeaderBackup). See cryptsetup man for security good practice regarding the headers backups. Thanks a lot for your insightful and contributing reply. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/km1ue7$55b$2...@ger.gmane.org
Re: Planning for Disk Encryption
On 05/01/13 06:23, T o n g wrote: My understanding/impression is that with Full Disk Encryption, even a single bad sector will have a much larger impact than itself and might ruin the whole disk. ... So, what would you plan for normal home users on disk failure for Disk Encryption? How to cope with it? Hi, I guess what you are referring to can happen if you get bad sectors where the luks header resides. This is a single point of failure in luks whole disk encryption, to plan for this you must have current backups (but most likely on another encrypted media, so there is always a tiny probability that this is going to happen there too), and backup the luks headers (see command cryptsetup luksHeaderBackup). See cryptsetup man for security good practice regarding the headers backups. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/51821384.7000...@googlemail.com
Re: Planning for Disk Encryption
Tighten up on your backups. I've been running encrypted partitions (and full disk encryption) for years, and I haven't had a disk problem. Had plenty of other problems (just had a motherboard go bad), and I'm glad I had the backups. -- Steven Rosenberg http://stevenrosenberg.net/blog http://blogs.dailynews.com/click stevenhrosenb...@gmail.com ste...@stevenrosenberg.net On Thu, May 2, 2013 at 12:19 AM, tv.deb...@googlemail.com tv.deb...@googlemail.com wrote: On 05/01/13 06:23, T o n g wrote: My understanding/impression is that with Full Disk Encryption, even a single bad sector will have a much larger impact than itself and might ruin the whole disk. ... So, what would you plan for normal home users on disk failure for Disk Encryption? How to cope with it? Hi, I guess what you are referring to can happen if you get bad sectors where the luks header resides. This is a single point of failure in luks whole disk encryption, to plan for this you must have current backups (but most likely on another encrypted media, so there is always a tiny probability that this is going to happen there too), and backup the luks headers (see command cryptsetup luksHeaderBackup). See cryptsetup man for security good practice regarding the headers backups. -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.**debian.orgdebian-user-requ...@lists.debian.orgwith a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/**51821384.7000809@googlemail.**comhttp://lists.debian.org/51821384.7000...@googlemail.com
Re: Planning for Disk Encryption
[Please don't top post] On Thu, May 02, 2013 at 08:35:27AM -0700, Steven Rosenberg wrote: Tighten up on your backups. I've been running encrypted partitions (and Umm, I've heard of the expression tighten up on your spending, and tighten up on your drinking which means ease up/slow down. Is this another term which should be avoided because it may mean different things to different people? -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130503014353.GA1095@tal
Re: Planning for Disk Encryption
On Thu, May 2, 2013 at 6:43 PM, Chris Bannister cbannis...@slingshot.co.nz wrote: [Please don't top post] On Thu, May 02, 2013 at 08:35:27AM -0700, Steven Rosenberg wrote: Tighten up on your backups. I've been running encrypted partitions (and Umm, I've heard of the expression tighten up on your spending, To me tighten up/tighten down means pull together, make things ship-shape. It indicates improvement, whether that is up or down. Cheers, Kelly -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAFoWM=_Fp_UKgrncOYYhhQ-D3=gB=44q38wzgsun1r0oxa9...@mail.gmail.com
Planning for Disk Encryption
Hi, It's well known that fail to plan means plan to fail. But when comes to Disk Encryption, I did not see any reasonably planning on disk failure, even though I've googled extensively. My understanding/impression is that with Full Disk Encryption, even a single bad sector will have a much larger impact than itself and might ruin the whole disk. That's a rather big risk right there, but I haven't found article on how to cope with the problem. To make it more interesting/practical, consider planning for normal home user. They differ from big corporation in that, big corporation will throw away disks once SMART *indicates* the disk is failing, while normal home user will try still to use it until it fails massively, which hardly happens. What I used to do is to mark the bad sectors in inodes as bad and not using them any more. Works great, and I found a similar practice on the net too -- http://www.linuxforum.com/threads/3265-bad-sectors-on-disk, I have some bad sectors on my hard drive. What I did was to make a partition on the part which has the bad sectors. Then I just do not use that particular partition. It's been two years now. The rest of the hard drive is still working well, 12-16 hours every day, seven days a week. So, what would you plan for normal home users on disk failure for Disk Encryption? How to cope with it? Thanks -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/klr4vq$3bi$1...@ger.gmane.org
Re: Planning for Disk Encryption
On 5/1/2013 9:23, T o n g wrote: Hi, It's well known that fail to plan means plan to fail. But when comes to Disk Encryption, I did not see any reasonably planning on disk failure, even though I've googled extensively. My understanding/impression is that with Full Disk Encryption, even a single bad sector will have a much larger impact than itself and might ruin the whole disk. That's a rather big risk right there, but I haven't found article on how to cope with the problem. To make it more interesting/practical, consider planning for normal home user. They differ from big corporation in that, big corporation will throw away disks once SMART *indicates* the disk is failing, while normal home user will try still to use it until it fails massively, which hardly happens. What I used to do is to mark the bad sectors in inodes as bad and not using them any more. Works great, and I found a similar practice on the net too -- http://www.linuxforum.com/threads/3265-bad-sectors-on-disk, I have some bad sectors on my hard drive. What I did was to make a partition on the part which has the bad sectors. Then I just do not use that particular partition. It's been two years now. The rest of the hard drive is still working well, 12-16 hours every day, seven days a week. So, what would you plan for normal home users on disk failure for Disk Encryption? How to cope with it? Thanks Regular backups. duplicity, rsnapshot, even good old rsync - pick your poison. -- staticsafe O ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/518118dd.1030...@staticsafe.ca
Re: Planning for Disk Encryption
On 05/01/13 06:23, T o n g wrote: My understanding/impression is that with Full Disk Encryption, even a single bad sector will have a much larger impact than itself and might ruin the whole disk. ... So, what would you plan for normal home users on disk failure for Disk Encryption? How to cope with it? I'd suggest asking on the dm-crypt mailing list: http://www.saout.de/mailman/listinfo/dm-crypt HTH, David -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5181bc5f.2020...@holgerdanske.com