[dm-crypt] Protection against data failure
arno at wagner.name
Wed Aug 10 19:26:15 CEST 2011
On Wed, Aug 10, 2011 at 10:14:37AM +0200, Sun_Blood wrote:
> Hi DM-crypt
> I have done some Googling and read your FAQ (great info) but I'm still
> a bit confused so I hope somebody has time to answer a few questions.
> I have recently started using dm-crypt and LVM, finally taking a leap
> into the future of disk handling. But now when I'm not using the
> normal old partition system with "one disk one partition" and the
> disks themselves are getting bigger there is a lot more data that could be
> lost in an error. And with a big encrypted LVM I feel that some sort of
> backups are necessary.
Personally, I do not like LVM. I think in most situations it
complicates things without need.
> So how can I protect myself from losing all my data? My system today
> looks like this
> sdb1 -> lvm -> dm_crypt -> filesystem
> So by adding mirror raid I'm guessing that I protect myself from
> hardware failure. sd[b-c]1 -> Raid -> LVM -> dm_crypt -> filesystem.
> So far am I correct or am I missing something?
RAID1 protects you against disk failure, but you still need a
backup, just as Milan says in his answer.
> The above solution saves me from a broken disk but it can't protect me
> from myself, right (the biggest danger to a system: The user)? If I
Indeed. Or two broken disks.
> accidentally do a dd /dev/zero /dev/raid then all will be lost because
> the raid will mirror even my mistakes?
> Luckily I see that cryptsetup has the luksHeaderBackup function. (LVM
> also has a similar function).
> My question here is if I accidentally overwrite the first 5% of the disk
> could I with this option restore and access the 95% rest of the system?
Depends on the filesystem you have in there. Or the partitioning.
> Or is this the wrong approach maybe a CoW setup would be the solution?
> What I'm looking for is a way to protect the system from myself.
> Hardware is one way and with that I can protect myself against
> hardware failure good enough with raid and SMART disk.
> But if I accidentally overwrite the first part of the disk or some other
> important part can I protect myself from that?
Backup on several (at least 3) media sets is the only good solution.
And you are asking exactly the right questions.
> And a final question. The output from luksHeaderBackup, how sensitive
> is that information? Is it like handing somebody my password if I
> store it on a local unencrypted disk?
It is like handing somebody your disks. All is still protected.
Only potential problem is old passwords in the backup, see FAQ.
> Thanks in advance for any answers! =)
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
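The "old passwords in the backup" point from the reply above, as an added example that is not part of the original message: a header backup keeps every key slot that was enabled when it was taken, so a passphrase later removed or changed on the live volume still unlocks the master key through the backup. The sketch assumes the LUKS1 on-disk header layout; the function names and the sample headers are constructed for illustration.

```python
import struct

# LUKS1 on-disk header (big-endian): 208-byte preamble + 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
MAGIC, ENABLED, DISABLED = b"LUKS\xba\xbe", 0x00AC71F3, 0x0000DEAD

def parse_luks1(blob):
    """Parse a LUKS1 header (e.g. a luksHeaderBackup file) into a dict."""
    if len(blob) < PHDR.size + 8 * SLOT.size:
        raise ValueError("too short for a LUKS1 header")
    (magic, version, _cipher, _mode, _hash, payload, _keybytes,
     digest, _dsalt, _diter, uuid) = PHDR.unpack_from(blob, 0)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(8):
        state, _iters, salt, _off, _stripes = SLOT.unpack_from(
            blob, PHDR.size + i * SLOT.size)
        slots.append((state == ENABLED, salt))
    return {"uuid": uuid.rstrip(b"\0").decode(), "mk_digest": digest,
            "payload_sectors": payload, "slots": slots}

def stale_slots(backup, current):
    """Slots enabled in the backup that the live header has since disabled or re-keyed."""
    b, c = parse_luks1(backup), parse_luks1(current)
    if (b["uuid"], b["mk_digest"]) != (c["uuid"], c["mk_digest"]):
        raise ValueError("backup is for a different volume or master key")
    return [i for i, ((was_on, old), (is_on, new))
            in enumerate(zip(b["slots"], c["slots"]))
            if was_on and (not is_on or old != new)]

def build_header(slot_salts):
    """Constructed sample header; slot_salts maps slot index -> salt bytes."""
    head = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 64,
                     b"\x11" * 20, b"\x22" * 32, 1000, b"constructed-sample-uuid")
    return head + b"".join(
        SLOT.pack(ENABLED if i in slot_salts else DISABLED, 1000,
                  slot_salts.get(i, b""), 8 + i * 512, 4000)
        for i in range(8))

if __name__ == "__main__":
    old = build_header({0: b"A" * 32, 1: b"B" * 32})   # header backup (constructed)
    live = build_header({0: b"A" * 32, 1: b"C" * 32})  # slot 1 re-keyed since
    print("stale slots in backup:", stale_slots(old, live))
```

A non-empty result means the backup should be replaced with a fresh one and the old copy destroyed; `payload_sectors` shows how much of the start of the device the header area occupies before the encrypted data begins.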