Re: softraid(4) full-disk encryption on SSD
> I'm taking the plunge now. You're done with the swings.
Re: softraid(4) full-disk encryption on SSD
On 11/16/16 11:52, Ax0n wrote: > I'm taking the plunge now. Mostly, I was concerned about SSD longevity and > if TRIM would be a problem due to the different way data is going to be > accessed. It was the cheapest drive I could find locally anyway, and I keep > good backups (dump to a much larger external drive that's also using > softraid crypto) so I suppose if it burns up in a year it's not really that > big of a problem. Make good backups, and if it burns up in a year (which it may or may not do regardless of what SSD-specific bullsh*t you do with it), say "thanks!" and go buy yourself one twice as big, twice as fast and half as expensive (and possibly more reliable). If it doesn't fail in a year or two, I suggest removing the SSD and a wool carpet and rubber shoes, or better yet, just look panicked, tell your significant other it failed and hope they don't look to closely, and rush out to buy the upgrade. The panicked look is important, though. Nick.
Re: softraid(4) full-disk encryption on SSD
Wed, 16 Nov 2016 19:10:08 +0100 ludovic coues > Trim and ssd longevity and what not may have been an issue when ssd where a > novelty. > These day, it should last just as long as an hard drive. So make backups if > what matters and don't worry about your disk. Hi Ludovic, You have to face it, the issue is both is the SSD medium and controller. I give it a decade of backed up cached usage, in lieu of actual storage. It is an industry shame point solid state tech is beaten by mechanicals. Kind regards, Anton
Re: softraid(4) full-disk encryption on SSD
Trim and ssd longevity and what not may have been an issue when ssd where a novelty. These day, it should last just as long as an hard drive. So make backups if what matters and don't worry about your disk. On 16 Nov 2016 5:54 p.m., "Ax0n" wrote: > I'm taking the plunge now. Mostly, I was concerned about SSD longevity and > if TRIM would be a problem due to the different way data is going to be > accessed. It was the cheapest drive I could find locally anyway, and I keep > good backups (dump to a much larger external drive that's also using > softraid crypto) so I suppose if it burns up in a year it's not really that > big of a problem. > > On Wed, Nov 16, 2016 at 10:33 AM, Marc Peters wrote: > > > Am 11/16/16 um 17:07 schrieb Ax0n: > > > I'm less concerned about swap, and more concerned about how a fully > > > encrypted softraid Solid State Disk is going to act. I can't find a lot > > > about FDE on SSD. > > > > > > > It acts as a normal harddisk would, just faster :). I had one in my > > worklaptop i used before for about two years and i have one in my > > worklaptop. No problems.
Re: softraid(4) full-disk encryption on SSD
I'm taking the plunge now. Mostly, I was concerned about SSD longevity and if TRIM would be a problem due to the different way data is going to be accessed. It was the cheapest drive I could find locally anyway, and I keep good backups (dump to a much larger external drive that's also using softraid crypto) so I suppose if it burns up in a year it's not really that big of a problem. On Wed, Nov 16, 2016 at 10:33 AM, Marc Peters wrote: > Am 11/16/16 um 17:07 schrieb Ax0n: > > I'm less concerned about swap, and more concerned about how a fully > > encrypted softraid Solid State Disk is going to act. I can't find a lot > > about FDE on SSD. > > > > It acts as a normal harddisk would, just faster :). I had one in my > worklaptop i used before for about two years and i have one in my > worklaptop. No problems.
Re: softraid(4) full-disk encryption on SSD
Am 11/16/16 um 17:07 schrieb Ax0n: > I'm less concerned about swap, and more concerned about how a fully > encrypted softraid Solid State Disk is going to act. I can't find a lot > about FDE on SSD. > It acts as a normal harddisk would, just faster :). I had one in my worklaptop i used before for about two years and i have one in my worklaptop. No problems.
Re: softraid(4) full-disk encryption on SSD
I'm less concerned about swap, and more concerned about how a fully encrypted softraid Solid State Disk is going to act. I can't find a lot about FDE on SSD. On Wed, Nov 16, 2016 at 9:41 AM, trondd wrote: > On Wed, November 16, 2016 10:23 am, Jiri B wrote: > > On Wed, Nov 16, 2016 at 09:14:51AM -0600, Ax0n wrote: > >> I just purchased a SanDisk SSD for my daily-driver laptop which has been > >> running -CURRENT well. I'm considering going with FDE and a fresh > >> snapshot > >> install, adding my packages then copying over what I need from my old > >> spinning rust drive, mostly /home and the ssh host keys from /etc/ssh. > >> > >> Anything I should look out for? To be honest, this is my first > >> experience > >> installing anything onto an SSD so I'd be welcome to accept any pointers > >> specific to OpenBSD. Searching misc@ for as long as I've been > subscribed > >> hasn't yielded any solid input on this. > > > > Not sure if encrypting swap makes still sense if you already have FDE. > > What's recommended in this context? > > > > j. > > > > It's been discussed previously. Relavant comment from the thread: > > http://marc.info/?l=openbsd-misc&m=143206067713324&w=2 > > And hint, you can search an online archive instead of being limited to > searching "for as long as you've been subscribed" :)
Re: softraid(4) full-disk encryption on SSD
On Wed, Nov 16, 2016 at 10:23:39AM -0500, Jiri B wrote: > On Wed, Nov 16, 2016 at 09:14:51AM -0600, Ax0n wrote: > > I just purchased a SanDisk SSD for my daily-driver laptop which has been > > running -CURRENT well. I'm considering going with FDE and a fresh snapshot > > install, adding my packages then copying over what I need from my old > > spinning rust drive, mostly /home and the ssh host keys from /etc/ssh. > > > > Anything I should look out for? To be honest, this is my first experience > > installing anything onto an SSD so I'd be welcome to accept any pointers > > specific to OpenBSD. Searching misc@ for as long as I've been subscribed > > hasn't yielded any solid input on this. > > Not sure if encrypting swap makes still sense if you already have FDE. > What's recommended in this context? > > j. > I always leave swap crypt enabled anyway. Less hassle, and one more layer for an attacker to poke through for finding leftover bits of data from RAM.
Re: softraid(4) full-disk encryption on SSD
On Wed, November 16, 2016 10:23 am, Jiri B wrote: > On Wed, Nov 16, 2016 at 09:14:51AM -0600, Ax0n wrote: >> I just purchased a SanDisk SSD for my daily-driver laptop which has been >> running -CURRENT well. I'm considering going with FDE and a fresh >> snapshot >> install, adding my packages then copying over what I need from my old >> spinning rust drive, mostly /home and the ssh host keys from /etc/ssh. >> >> Anything I should look out for? To be honest, this is my first >> experience >> installing anything onto an SSD so I'd be welcome to accept any pointers >> specific to OpenBSD. Searching misc@ for as long as I've been subscribed >> hasn't yielded any solid input on this. > > Not sure if encrypting swap makes still sense if you already have FDE. > What's recommended in this context? > > j. > It's been discussed previously. Relavant comment from the thread: http://marc.info/?l=openbsd-misc&m=143206067713324&w=2 And hint, you can search an online archive instead of being limited to searching "for as long as you've been subscribed" :)
Re: softraid(4) full-disk encryption on SSD
On Wed, Nov 16, 2016 at 09:14:51AM -0600, Ax0n wrote: > I just purchased a SanDisk SSD for my daily-driver laptop which has been > running -CURRENT well. I'm considering going with FDE and a fresh snapshot > install, adding my packages then copying over what I need from my old > spinning rust drive, mostly /home and the ssh host keys from /etc/ssh. > > Anything I should look out for? To be honest, this is my first experience > installing anything onto an SSD so I'd be welcome to accept any pointers > specific to OpenBSD. Searching misc@ for as long as I've been subscribed > hasn't yielded any solid input on this. Not sure if encrypting swap makes still sense if you already have FDE. What's recommended in this context? j.
softraid(4) full-disk encryption on SSD
I just purchased a SanDisk SSD for my daily-driver laptop which has been running -CURRENT well. I'm considering going with FDE and a fresh snapshot install, adding my packages then copying over what I need from my old spinning rust drive, mostly /home and the ssh host keys from /etc/ssh. Anything I should look out for? To be honest, this is my first experience installing anything onto an SSD so I'd be welcome to accept any pointers specific to OpenBSD. Searching misc@ for as long as I've been subscribed hasn't yielded any solid input on this. TIA! --ax0n