[dm-crypt] u?mount (8) helper script for luks encrypted disks

Matthias Schniedermeyer ms at citd.de
Fri Aug 30 10:58:28 CEST 2013


On 30.08.2013 04:24, .. ink .. wrote:
> > > 1. call "blkid" and check the file system on the device; if it's present
> > > and it's not "crypto_LUKS", then it's a device with a normal file system,
> > > just mount it normally.
> >
> > And I would crash & burn right here. Not all encryption is LUKS!
> >
> > I use loopAES v3 encryption (a.k.a. lmk3).
>
> I prefer the PLAIN type of cryptsetup. The basic idea still stands: encrypted
> volumes will cause blkid to return either "crypto_LUKS" or nothing. This is
> the easiest way to identify an encrypted volume.
>
> Any particular reason why you prefer loopAES over the plain type of cryptsetup?

It's the first encryption I used and it is "good enough"; since AES-NI it's 
also fast enough to not be noticeable.

Also, converting >100TB of HDDs isn't really fun, so I decided to not 
change anything and also keep my schema for new HDDs.

It works for me. :-)

> > There are zero identifiable features in a file or block device that is
> > loopAES (any version) encrypted. Just like plain encryption. And if I
> > understood it correctly, this is also true for e.g. a Truecrypt
> > container.
>
> Yap, truecrypt works the same way.
>
> > And my personal model also has a splash of special sauce. My "whole
> > disc" encryption is from sector 8 until the end of device. So I can put
> > a dummy-MBR on each HDD in which I can stamp the name. This name in turn
> > is used in a udev rule to create a symlink that identifies the connected
> > HDD. And last but not least, there is the matching autofs configuration,
> > so I can just cd /misc/<name> after connecting the corresponding HDD.
>
> Why don't you use the udev links created in "/dev/disk/by-id/" to access your
> HDD? It seems like you are doing something udev is already doing and wasting
> a bit of space in the process.

Not stable enough, and some USB enclosures "destroy" that information. 
As I want to be able to connect my HDD in any way, the information 
to identify a specific HDD has to be stable regardless of 
connection method (SATA, USB2, USB3).

At least "back then", when I tried that years ago, it wasn't stable/usable 
for multiple connection paths, and even with USB2 alone I had enclosures 
where you couldn't differentiate between different HDDs because they 
didn't pass through the serial number of the HDDs, so all different HDDs 
had the same link in by-id.

Also, I would have to make and keep up to date a list of what is what.
That list wouldn't be "fun".
Counting historical HDDs I'm at something beyond 150 HDDs.
About 60 are currently in use, after I migrated all HDDs <1.5TB to 3TB 
HDDs a little while ago.
-- 

Matthias
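A mount helper built on the detection rule discussed in this thread, as an added example that is not code from the thread or from any of its participants: it classifies a device from the blkid TYPE value, reads the LUKS header magic directly as a fallback so it also works on image files, and treats a device with no signature as opaque (plain dm-crypt, loop-AES, TrueCrypt or blank) instead of assuming it holds a normal filesystem. The action strings and the image paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies a block device or image
# file for a mount helper. Action strings and device paths are assumptions.

# classify_type TYPE -> luks | opaque | fs:<type>
# An empty TYPE means blkid found no signature. That covers plain dm-crypt,
# loop-AES and TrueCrypt as well as a blank disk, so it does NOT mean
# "unencrypted": a helper must never format or fsck such a device on its own.
classify_type() {
    case "$1" in
        crypto_LUKS) echo luks ;;
        '')          echo opaque ;;
        *)           echo "fs:$1" ;;
    esac
}

# probe_type DEV -> blkid TYPE value, or "" when blkid reports no signature
# (or is not installed at all)
probe_type() {
    blkid -o value -s TYPE "$1" 2>/dev/null || true
}

# has_luks_magic DEV -> success if the first 6 bytes are "LUKS\xba\xbe",
# the LUKS header magic. Works on plain files where blkid may be absent.
has_luks_magic() {
    magic=$(dd if="$1" bs=6 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ]
}

# mount_action DEV -> the decision the helper would act on
mount_action() {
    dev=$1
    if has_luks_magic "$dev"; then
        t=crypto_LUKS
    else
        t=$(probe_type "$dev")
    fi
    case $(classify_type "$t") in
        luks)   echo "luks: cryptsetup luksOpen, then mount" ;;
        opaque) echo "opaque: no signature, never format, ask the user" ;;
        fs:*)   echo "fs: mount as $t" ;;
    esac
}
```

On a real device run `mount_action /dev/sdX`; the opaque branch is exactly where a helper that equates "not crypto_LUKS" with "normal filesystem" would mishandle a loop-AES or plain dm-crypt volume.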