On Wed, Oct 27, 2010 at 02:59:17PM +0200, Christoph Anton Mitterer wrote:
> On Wed, 2010-10-27 at 08:54 -0400, M Thomas Frederiksen wrote:
> > I've got 4 HDs, and would like encrypted btrfs. I'm considering
> > installing Kubuntu 10.10. As btrfs doesn't support encryption yet,
> > I'd have to use LUKS underneath. Is this likely to be a decent setup,
> > or would I be well advised to wait for btrfs to support encryption
> > natively?
>
> In principle it's a good idea to use dmcrypt/LUKS IMHO (not sure whether
> I like the idea to put encryption directly in the fs),... nevertheless,
> there once used to be (IIRC) a note in the btrfs wiki, that it was for
> some reason insecure/buggy/whatever to be used with dm-crypt...
>
> So perhaps better ask them too.
>
>
> Cheers,
> Chris.

Currently there are kernel issues with write synchronisation. These
may affect a combination of any filesystem with LUKS/dm-crypt
more strongly than the filesystem alone. Fortunately (after a
very long time ignoring it) the kernel developers have started
to do something about this issue. It is basically the same
thing you get when writing a very large file to disk and
everything starts to crawl. Or a smaller file to a slow device,
and dm-crypted/LUKSed devices are slower. 2.6.36 is already
a lot more responsive under these circumstances, at least
for the large file situation. 2.6.37 is expected to improve
the situation further.

There is no reason why there should be any security issues;
btrfs cannot break LUKS/dm-crypt security. It may be buggy, but
btrfs is still new and likely buggy itself. I would not trust
it for at least another year. If you can reliably detect
corruption and have good backups, just try it.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.
The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier