[dm-crypt] u?mount (8) helper script for luks encrypted disks
ms at citd.de
Fri Aug 30 10:58:28 CEST 2013
On 30.08.2013 04:24, .. ink .. wrote:
> > > 1. call "blkid" and check the file system on the device, if it's present
> > > and it's not "crypto_LUKS", then it's a device with a normal file system,
> > > just mount it normally.
> > And i would crash & burn right here. Not all encryption is LUKS!
> > I use loopAES v3 encryption (a.k.a. lmk3).
> i prefer PLAIN type of cryptsetup. The basic idea still stands, encrypted
> volumes will cause blkid to return either "crypto_LUKS" or nothing. This is
> the easiest way to identify an encrypted volume.
> any particular reason why you prefer loopAES over plain type of cryptsetup?
It's the first encryption i used and is "good enough", since AES-NI it's
also fast enough to not be noticeable.
Also converting >100TB of HDDs isn't really fun, so i decided to not
change anything and also keep my schema for new HDDs.
It works for me. :-)
> > There are zero identifiable features in a file or block-device that is
> > loopAES (any version) encrypted. Just like plain encryption. And if i
> > understood it correctly, this is also true for e.g. a Truecrypt
> > container.
> yap, truecrypt works the same way.
> > And my personal model has also a splash of special-sauce. My "whole
> > disc" encryption is from sector 8 until the end of device. So i can put
> > a dummy-MBR on each HDD in which i can stamp the name. This name in turn
> > is used in a udev-rule to create a symlink that identifies the connected
> > HDD. And last but not least, there is the matching autofs configuration,
> > so i can just cd /misc/<name> after connecting the corresponding HDD.
> why don't you use udev links created in "/dev/disk/by-id/" to access your
> HDD? it seems like you are doing something udev is already doing and wasting
> a bit of space in the process.
Not stable enough, and some USB-enclosures "destroy" that information.
As i want to be able to connect my HDD in any way, the information
to identify a specific HDD has to be stable regardless of
connection method (SATA, USB2, USB3).
At least "back then" when i tried that years ago it wasn't stable/usable
for multiple connection paths, and even with USB2 alone i had enclosures
where you couldn't differentiate between different HDDs because it
didn't pass through the serial-number of the HDDs, so all different HDDs
had the same link in by-id.
Also i would have to make and keep up to date a list of what is what.
That list wouldn't be "fun".
Counting historical HDDs i'm at something beyond 150 HDDs.
About 60 currently in use, after i migrated all HDDs <1.5TB to 3TB
HDDs a little while.
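
The exchange above comes down to one rule for a mount helper: blkid can positively identify LUKS, but an empty result cannot tell plain dm-crypt, loopAES or TrueCrypt apart from a blank disk, so headerless volumes have to be declared by the operator. That decision as an added example, not part of the original post or of any project's code; the table format, the function names and the sample names `backup01` and `scratch` are hypothetical.

```shell
#!/bin/sh
# Added example: decide what a mount helper should do with a device, given
# the TYPE string blkid reported for it (empty when no signature was found).

# Constructed sample table of headerless volumes the operator has declared,
# one "<stable name> <mode>" pair per line. Hypothetical format; the stable
# name would come from something like the udev symlink described above.
HEADERLESS_TABLE='backup01 loopaes
scratch plain'

# lookup_headerless NAME: print the declared mode; status 1 if undeclared.
lookup_headerless() {
    printf '%s\n' "$HEADERLESS_TABLE" | while read -r name mode; do
        [ "$name" = "$1" ] && { printf '%s\n' "$mode"; break; }
    done | grep .
}

# decide BLKID_TYPE NAME: print exactly one action word.
decide() {
    case "$1" in
        crypto_LUKS)
            echo "open-luks" ;;
        "")
            # No signature: blank disk, random data, or headerless
            # encryption. Only act when the operator declared the volume.
            if mode=$(lookup_headerless "$2"); then
                echo "open-$mode"
            else
                echo "refuse"
            fi ;;
        *)
            # Any other signature is an ordinary file system.
            echo "mount-$1" ;;
    esac
}

# probe DEVICE NAME: live use; needs a real block device and usually root.
# -p probes the device directly instead of trusting the blkid cache.
probe() {
    fstype=$(blkid -p -o value -s TYPE "$1" 2>/dev/null) || fstype=""
    decide "$fstype" "$2"
}
```

An undeclared device with no signature yields `refuse` rather than a guess, so an empty blkid result is never treated as proof of encryption.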