Hi,

On Tue, Nov 25, 2014 at 11:03:17 CET, Mark Connor wrote:
> Hello
>
> I currently have a deployment with luks (aes-cbc-256) on different 1TB, 500GB, 300GB etc. drives. All the drives use different keys and XFS filesystem on the top of luks.
> I'm planning to replace this setup with 2X4TB disks in software raid1 (with mdraid) but I have my concerns.
>
> 1, If a sector goes bad on disk1 that normally shouldn't be replicated to
> disk2 but in case of luks I don't know what happens then.

LUKS changes exactly nothing compared to the normal behavior of the
raid. That is why things like RAID, LUKS, etc. are layered.

> 2, I think it is more practical -when one is dealing with encryption- to
> keep many smaller partitions encrypted with separate keys, in case of
> partial disk failure (other parts of the disk can still be accessed).

No. The only valid reason for different keys is security. It has
no application with regard to reliability.

> Also all the partitions have their own separate luks headers...
>
> Unlike if I don't even create partition just put sda (4TB) sdb(4TB) into
> an md0 array and make luks on that one, if anything goes wrong with the
> header I lose all my data or if any part of the disks breaks.

Same as always. The probability per time goes down a tiny bit,
but almost all damaged headers are due to user error and a few
are due to faulty software, and in both cases RAID changes
exactly nothing.

> I know that ultimately raid only protects against drive failures (not if
> files get corrupted or deleted) so have to have a separated snapshotted
> backup next to it. But would implementing raid1 in case of luks be an
> advantage or a disadvantage?

No impact. You still need backup, and all LUKS installations
where the data has any worth should have a header backup.

Relevant information is also in the FAQ, Section 6 and
Items 2.2, 2.8 and 5.7. I suggest you have a look.

Gr"usse,
Arno

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
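
The layering discussed in this message (two disks in an md RAID1, LUKS on the array, XFS on the decrypted mapping, plus a header backup), written out as an added example that is not part of the original message or of the cryptsetup project. The names /dev/md0 and cryptraid, the backup path and the dry-run wrapper are assumptions; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example. Layer order: disks -> md RAID1 -> LUKS -> XFS.
# /dev/md0, the mapper name and all paths are assumptions, not from the thread.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

build_stack() {
    disk1="$1"; disk2="$2"; backup="$3"
    md="${MD_DEV:-/dev/md0}"
    name="${MAPPER_NAME:-cryptraid}"

    if [ -z "$disk1" ] || [ -z "$disk2" ] || [ -z "$backup" ]; then
        echo "usage: build_stack DISK1 DISK2 HEADER_BACKUP_FILE" >&2
        return 2
    fi
    if [ "$disk1" = "$disk2" ]; then
        echo "RAID1 needs two different member devices" >&2
        return 2
    fi

    # 1. The mirror is the bottom layer; it only ever sees opaque blocks.
    run mdadm --create "$md" --level=1 --raid-devices=2 "$disk1" "$disk2" || return 1
    # 2. One LUKS header on the array; md writes it to both members.
    run cryptsetup luksFormat "$md" || return 1
    # 3. Header backup, kept on separate media: the mirror copies a damaged
    #    header to both disks just as faithfully as a good one.
    run cryptsetup luksHeaderBackup "$md" --header-backup-file "$backup" || return 1
    # 4. Confirm the backup file parses as a LUKS header.
    run cryptsetup luksDump "$backup" || return 1
    # 5. Open the container and put the filesystem on the decrypted mapping.
    run cryptsetup open "$md" "$name" || return 1
    run mkfs.xfs "/dev/mapper/$name" || return 1
}

# Stand-alone use: sh script.sh /dev/sdX /dev/sdY /path/on/other/media/header.img
if [ "$#" -eq 3 ]; then
    build_stack "$@"
fi
```

With DRY_RUN=0 the luksFormat step prompts for confirmation and a passphrase, and it destroys any existing data on the member disks.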