Hello again, I am protecting a few computers. One server and two almost identical workstations. The server encrypts directly to the hard drives, then has LVMv2 over the top. This requires a boot disk (USB boot unsupported) to load the encryption scheme, then perform: lvm vgchange -ay to detect the volume groups and be able to mount the root logical volume. On the workstations, since I run Windows and Linux as dual boot, I use a boot disk again (was storing my keys on the disk) and mount the encrypted system. I was mounting three partitions with three seperate keys, but I might convert to one key and use LVM. Anyway, I then mount the root filesystem and boot it. The boot process can take care of mounting the other drives. Since I was using loop-AES, I was storing the keys away form the system and keeping the keys physically secure. Having the keys on disk means that the encryption is only as good as the password (which I do choose carefully). Off disk keys means that an attacker without the keys will need to resort to brute force, which is far too dificult. Now that I know the USB stick will store the keys off disk (I believe that is what you were getting at Dan), I will opt to use that for additional security. In any case, I will either need a small boot partition, or I will need to use a boot disk. Boot disk is my preferred option. I assume that I can store the keys on the boot disk, and not need a USB specifically for the job of storing the keys off disk. Thanks again for the help. Mark this thread as solved if it's possible. dm-crypt with LUKS here I come. --------------------------------------------------------------------- - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
