Mateusz Marzantowicz wrote:
On 28.06.2013 17:21, J.Witvliet@xxxxxxxxx wrote:
It surely works, but at a performance price. And the certainty that you have to enter the LUKS-key each time you boot.
Intel Sandy/Ivy Bridge processors and later (AMD also) have something
called AES-NI which significantly speeds up disk encryption. I haven't
done any benchmarks but I see no difference between encrypted and plain
LVM in everyday use.
I just discovered that KVM doesn't seem to pass that flag on to virtual
machines, which seems like serious suckage. May be a hardware thing, of course.
User can unlock LUKS volume using key on SD card or any other media that
can be mounted during system boot. So no passphrase is needed every time
system is rebooted.
Leaving the card in the machine kind of defeats the purpose, doesn't it?
And adds to the possibility of forgetting to remove the card when you walk away.
Security and convenience are to some extent mutually exclusive.
Mateusz Marzantowicz
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org