>> I've recently finished setting up our new file server, whose largest
>> filesystem is 2.5TB in size; ext3 on dm-crypt (aes-256-xts) on lvm on
>> md-raid5.

For the record, that should be aes-512-xts throughout ...

> Also, you need to think about what your attacker model is.

Not a very sophisticated one. Encryption enables me to RMA/sell/give away
disks with reasonable expectation that the data on them won't be read.
Since we're tight on space the server isn't as physically secure as I'd
like. I doubt anyone could walk off with it without my knowledge, but
rebooting into a root shell would be possible.

> Well, you can always use your backup procedure to move the data off and
> put it back on under new encryption.

I could, but it's a real PITA :)

> the data above 2T is less secure but all data is less secure.
> It is encrypted, it does not get lost and it does not overwrite other
> data.

To be honest, I couldn't quite parse that one, but the gist of it seems to
be positive. I'll leave the box as-is for the moment and see if I can't do
something about that performance problem first, lest I have to redo the
whole thing twice.

Thanks for your help,
Chris

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt