-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-08-16 10:07, entr0py wrote: > According to: > > https://www.qubes-os.org/doc/backup-restore/ > https://groups.google.com/forum/#!searchin/qubes-users/ > backup$20encryption|sort:relevance/qubes-users/sS4A3vJdCQ8/w9-jIj5VW9oJ > > Qubes backup system has a "weak key derivation scheme". > > Is a reasonable workaround to just put the backups (with or without Qubes > encryption) on a LUKS device? >
Yes. You can also read more about the key derivation issue here: https://github.com/QubesOS/qubes-issues/issues/971 > And a general cryptsetup question: Is there any security benefit to > encrypting an entire drive versus encrypting individual partitions (ie > /dev/sda vs /dev/sda1)? > Hm. Good question. One case where encrypting the entire drive would be better is if the OS might potentially write metadata, temp files, etc. to unencrypted partitions. If we're only considering an encrypted volume for storing data at rest (e.g., encrypting an entire external hard drive versus just a partition on that external hard drive), then I'd wager there's not much of a difference. It would be best to ask the cryptsetup devs, though (or just anyone more knowledgeable than me). - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXs0tHAAoJENtN07w5UDAw/HMQAKayEjqVm8iVj6kQN7oMy9G5 R2mCXRXRy1YOB13lbiLhAt5P0xokp8TWVUedVV5Ysx/64mW2tTwCzwfdQvBSzZUn JmK7PbhGOgkK+Az5QZhVC9iYk+QtuamVesjvcorc+V2+321guKOj3nC7rNA32KTV qKrN+ows67P+ASfHP7K3Gf+KMVOVIFxqUP1olbOomEolVGXgIImBFK896kGyowN4 VPSH2AJhp1X1i5EhBsGWvBVvqZnH1S+FvT1f948RBJzpEeQBWfSlTdv+U79l6nsB X1q1uhm1wWQmung+UMtqVnRlJq2Qo/QSUZt7TOYxGWI1PjX7+2BoV4DqB/2dYW5r Yy8a7MEXZcKWFTAAu2qksGfglFwy2W1mMb6/0Pcmi/QQvbzmgcGKV9k2IaNfwXpA J6GSrzEpCoaR5rYUjuTm7dDT41XhPZuHM0dAgdg8MPvppjIDLh6cjZF+y0fogMIm PshSa4hgRGouxwAb1wfh8C5Y1J/tixm1bU9MNgQCTD6SXL/bP1wKAHWZLWV7cORM 66dg4ZQk83JaY0Wcc4ByoVWsxRVXfIi5ALlcDdGI/2VAg+MCTTxsCfXDcFO6KyPh so6DotmuMQr+6NlYE0kvRcHeoVb6xc+vUIX9eSZMXoSlyZgMW1CuXZ4pICQHsr68 E2Km5Pp6SiuYbsVgP6G/ =Tmo2 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8eb258e9-d6fe-5ccb-71a0-67b7d02be0b4%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
