[dm-crypt] security concerns with RAID on top of dmcrpyt and with mulitple devices with the same key slot key?

Christoph Anton Mitterer calestyo at scientia.net
Fri Jun 3 05:14:35 CEST 2016


On Thu, 2016-06-02 at 19:41 -0700, David Christensen wrote:
> If you put encryption on top of a RAID of N devices, your CPU will
> have 
> to process one layer of encryption.  If you put a RAID on top of N 
> encrypted devices, your CPU will have to process N layers of
> encryption. 
Well that's of course clear (I should have mentioned this),... but I
cannot do the former with btrfs RAID, which in turn has the nice
feature of being able to (try to) recover from silent block corruption
(via the checksums), which MD RAID cannot.


> For stability, the kernel, device drivers, dm-crypt, LVM, btrfs,
> etc., 
> need to function correctly under concurrent workloads.  Choose your 
> software accordingly.
Well...are there any current known issues in here? I used to remember
that btrfs once had problems on top of dm-crypt, but that's long ago.


Thanks,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5930 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20160603/d18a2144/attachment-0001.bin>


More information about the dm-crypt mailing list