Hi Laurence, for security reasons, encrypt the RAID1. Otherwise you a re giving an attacker more data, namely everything encrypted with two different keys. For Performance reasons, the same. If you RAID1 encrypted disk, everything has to be encrypted twice, if you encrypot the RAID1, all data is encrypted only once, halving the effort. On Mon, Jul 11, 2011 at 11:03:12PM +0100, Laurence Darby wrote: > Hello, > > I have 2 disks currently as a RAID1, and want to encrypt it. I've > done several tests with loopback devices, and found that I can either > create a raid1 with the raw devices, and then encrypt the /dev/md > device, eg: > > losetup /dev/loop1 /tmp/a > losetup /dev/loop2 /tmp/b > > mdadm --create /dev/md3 --level=1 /dev/loop1 /dev/loop2 --raid-devices=2 > > cryptsetup luksFormat /dev/md3 > cryptsetup luksOpen /dev/md3 md3 > > > or instead encrypt each device, and then make the 2 encrypted devices > into a raid, eg: > > losetup /dev/loop3 /tmp/c > losetup /dev/loop4 /tmp/d > > cryptsetup luksFormat /dev/loop3 > cryptsetup luksFormat /dev/loop4 > > cryptsetup luksOpen /dev/loop3 data3 > cryptsetup luksOpen /dev/loop4 data4 > > mdadm --create /dev/md4 --level=1 /dev/mapper/data3 /dev/mapper/data4 > --raid-devices=2 > > > Is there a recommended way to do this? See abofe, place encryption direcly below the filesystem and above any RAID/LVM,... mechanism. > I've read the FAQ, Very good! > especially the part about bad RAM, how single bit > flip errors get amplified - would that mean encrypting each disk > separately is safer, because a bit flip error would be only be copied > to only one device instead of both? Good thinking, but no. It has zero advantage having one good and one corrupted copy, but no way to tell which is which. If you have bit-errors, you have a najor problem. If they get amplified, the main difference is that you may detect them eralier, which is an advantage. > If that happened and a > verification test spotted it, I could remove each device in turn to > find which has the corruption, and repair it. A RAID consistency check would spot it,but how would you identify the good copy? And if the bit-error does hapen before encryption, this does not help at all. In addition, as encryption does run mainly in the CPU caches, bit errors are not very likely there anyways. > I am planning on running > the full set of RAM tests anyway. Is there any reason not to encrypt > each device separately, or any other general advice here? See above. Don't worry about adapting your disk encryption to the possibility of bit-errors. These are separate issues and should not be mixed. Waht you should do with regard tobit-errors is whenever you copy something large or archive something large or do backups, always do a verify that compares the data. This is the best way to detect errors and ensure data integrity. For small writes, bit errors are very, very unlikely, unless your system is extremely instable. I think I will add a section on encryption vs. RAID in the FAQ. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
