[dm-crypt] Questions about LUKS / LVM

Karl O. Pinc kop at meme.com
Mon Sep 19 18:00:00 CEST 2011


On 09/19/2011 10:45:52 AM, Robbie Smith wrote:

> How much of a load on the system would LUKS + LVM be?
> Is it likely to
> result in a noticeable drop in performance?

It all depends, but generally no because cpu is _so_ much faster
than disk these days.

> Does entering the key(s)
> at
> boot decrypt the whole volume, or just provide a means for the kernel
> module to decrypt and encrypt on-the-fly?

The latter.

> 
> And… how does it work? The documentation makes mention of multiple
> key-slots; but I'm a little baffled as to how different keys can be
> used
> to decrypt the same volume. It is based on symmetric cryptography,
> isn't
> it?

Yes, but the master key is encrypted by each key, separately, and 
that's what your multiple passwords decrypt.

See the tks-1 paper (iirc) referenced on the wiki for more info.




Karl <kop at meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein



More information about the dm-crypt mailing list