* Sami Liedes <sliedes@xxxxxxxxx> wrote:
> Write a dm mapping (I think this can't currently be done in userspace)
> that does reverse RAID-0, i.e. splits a disk in two (or more) logical
> devices in stripes, for example for 4 MiB blocks:
>
> Offset (MiB)  0  4  8  12  16  20  24  28  32  36
> device        0  1  0   1   0   1   0   1   0   1
>
> Now apply dm-crypt to both the logical devices, then on top of that
> put RAID-0 with the same stripe size (4 MiB). This would combine the 4
> MiB blocks back in the correct order so that the resulting RAID device
> actually maps linearly to the underlying disk, while giving two
> kcryptd threads.

You can just make a few partitions and encrypt every partition
individually ;).

That should be done anyway with linux SW raid5 because of the
shortcomings of the error-recovery code. The more individual raid5's
you have the better, otherwise just 2 one-bit errors are killing a
3 disk raid5.

e.g. 3*500GB hd's

create 5*100GB partitions on every hd.
create 5*raid5 spanning the 5 partitions on every hd
create one linear appending to put all the raid5's into one device.

This setup is nice because if you buy bigger disks a few years later
you can just integrate them into your raid with 100GB segment size,
without losing your old disks.

Btw... there is another _REALLY_ good reason for this setup if you use
xts encryption mode.

quote from NIST XTS submission paper[0]:

  The proof from Rogaway [B10] yields strong security guarantee as long
  as the same key is not used to encrypt much more than a terabyte of
  data (which gives q = 2^36 blocks). For this case, no attack can
  succeed with probability better than 2^-53 (i.e., approximately one
  in eight quadrillion).

For petabyte ~ 2^-27.

[0]: http://grouper.ieee.org/groups/1619tmp/1619-2007-NIST-Submission.pdf

cu,
michael
--
It's already too late!
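Added example, not part of the original message or of dm-crypt: the stripe mapping described in the quoted proposal (split, then RAID-0 on top) together with a check of how many AES blocks each dm-crypt key would cover. All function names are hypothetical, and the per-key limit assumes the quoted "terabyte" means 2^40 bytes of 16-byte blocks.

```python
MIB = 1 << 20
TIB = 1 << 40
AES_BLOCK = 16                          # bytes per AES block
# Assumption: "a terabyte" in the quoted NIST text read as 2**40 bytes.
XTS_BLOCKS_PER_KEY = TIB // AES_BLOCK   # 2**36 blocks


def split(offset, stripe, ndev):
    """Reverse RAID-0: disk offset -> (logical device, offset inside it)."""
    chunk, within = divmod(offset, stripe)
    return chunk % ndev, (chunk // ndev) * stripe + within


def join(dev, dev_offset, stripe, ndev):
    """RAID-0 on top: (device, device offset) -> offset in the combined device."""
    row, within = divmod(dev_offset, stripe)
    return (row * ndev + dev) * stripe + within


def blocks_per_key(disk_bytes, stripe, ndev):
    """AES blocks covered by each logical device, i.e. by each dm-crypt key."""
    full, tail = divmod(disk_bytes, stripe)
    sizes = [(full // ndev + (dev < full % ndev)) * stripe for dev in range(ndev)]
    sizes[full % ndev] += tail          # a partial last chunk goes to the next device in turn
    return [size // AES_BLOCK for size in sizes]


def keys_over_limit(disk_bytes, stripe, ndev):
    """Indices of logical devices whose key would cover more than the limit."""
    counts = blocks_per_key(disk_bytes, stripe, ndev)
    return [dev for dev, n in enumerate(counts) if n > XTS_BLOCKS_PER_KEY]


if __name__ == "__main__":
    stripe = 4 * MIB
    # Reproduce the offset/device table and confirm the stack maps linearly.
    for off in range(0, 40 * MIB, stripe):
        dev, dev_off = split(off, stripe, 2)
        assert join(dev, dev_off, stripe, 2) == off
        print(f"offset {off // MIB:2d} MiB -> device {dev}, device offset {dev_off // MIB} MiB")
    # Constructed sizes: one key over 4 TiB versus four keys over the same disk.
    print("single key over limit:", keys_over_limit(4 * TIB, stripe, 1))
    print("four keys over limit: ", keys_over_limit(4 * TIB, stripe, 4))
```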