On Wed, Aug 10, 2011 at 10:14:37AM +0200, Sun_Blood wrote: > Hi DM-crypt > > I have done some Googling and read your FAQ(great info) but I'm still Thanks! > a bit confused so I hope somebody have time to answer a few questions. > > I have recently started using dm-crypt and LVM finally taking a leap > in to the feature of disk handling. But now when I'm not using the > normal old partitions system with "one disk one partition" and the > disk itself are getting bigger there is a lot more data that could be > lost in a error. And with a big encrypted LVM I feel that some sort of > backups are necessary. Personally, I do not like LVM. I think in most situations it complicates things without need. > So how can I protect my self from loosing all my data? My system today > looks like this > sdb1 -> lvm -> dm_crypt -> filesystem > So by adding mirror raid I'm guessing that I protect my self from > hardware failure. sd[b-c]1 -> Raid -> LVM -> dm_crypt -> filysystem. > So far are I correct or am I missing something? RAID1 protects you against disk failure, but you still need a backup, just as Milan says in his anzwer. > The above solution saves me from a broken disk but it can't protect me > from my self right(the biggest danger to a system: The user)? If I Indeed. Or two broken disks. > accidental do a dd /dev/zero /dev/raid then all will be lost because > the raid will mirror even my mistakes? Faithfully, yes. > Lucky I see that cryptsesetup has the luksHeaderBackup function. (LVM > also have a similar function). > My question here is if I accidental overwrite the first 5% of the disk > could I with this option restore and access the 95% rest of the system > data? Depends on the filsyste, you have in there. Or the partitioning. > Or is this the wrong approach maybe a CoW setup would be the solution? > What I'm looking for is a way to protect the system from myself. > Hardware is one way and with that I can protect myself against > hardware failure good enough with raid and SMART disk. > But if I accidental overwrite the first part of the disk or some other > important part can I protect myself from that? Backup on several (at least 3) media sets is the only good solution. And you are asking exactly the right questions. > And I final question. The output from luksHeaderBackup how sensitive > is that information? Is it like handing somebody my password if I > store it on a local unencrypted disk? It is like handing somebody your disks. Alls still protected. Only potential problem is old passwords in the backup, see FAQ. > Thanks in advance for any answers! =) No Problem. Arno > Martin > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
