(question) Raid5 + Encryption -- which is first?

Christopher Browne cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Sep 8 20:12:46 UTC 2011


On Thu, Sep 8, 2011 at 4:00 PM, William Park <opengeometry-FFYn/CNdgSA at public.gmane.org> wrote:
> Hi all,
>
> If I want to encrypt a whole filesystem which is Raid5, do I make Raid5 first and then mount it as "encrypted" partition?  (my guess is yes).
>
> But, that begs question.  What if I add a device to Raid5?  Will it be transparent to encryption layer, or will it screw it up?

It begs a further question...

How are you going to provide the decryption key?

If it is to be placed somewhere where it will be read automatically
upon bootup, then it is accessible to any decently competent attacker,
and therefore your encryption is providing no real protection.

It's like the distinction between "part of this good breakfast," and
"adjacent to this good breakfast."

Some boxed cereals have a lovely picture of a fine breakfast, consisting of:
- Coffee
- Several kinds of fruit
- Milk
- Toast, with toppings
- Finally, a bowl of the breakfast cereal.

Truly, that cereal is "adjacent to a good breakfast."  If you replaced
it with a bowl of styrofoam, the remainder of the items in the picture
would still represent a splendid breakfast.

Encryption, outside of use within a known to be useful protocol, is
just "Cargo Cult administration."

http://en.wikipedia.org/wiki/Cargo_cult_programming
-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list