[dm-crypt] The future of disk encryption with LUKS2

Arno Wagner arno at wagner.name
Thu Feb 4 11:48:07 CET 2016

On Thu, Feb 04, 2016 at 10:35:57 CET, Sumaya1960 at gmx.de wrote:
> Hi agian,
> I am very sorry for bothering all of you!
> BUT I lost all my Data once and I will make sure that this time it
> will not going to happen again!
> So 2 short questions:
> 1. external USB-Disk with as raw block device as 'external backup
> device'? ( FAQ 2.2 (2))
> Is that OK?

If you have a header backup, that already covers some problems.
If you add a full backup of the raw LUKS device, that protects
you justr as much as a regular fullbackup does. You just cannot
compress that backup compared to a regular one.
> 2. Can I use a Hardware Raid 10 with 4 SSD's?
> I will use raw disks as well with no other format and no other
> partition. I will configure the virtual drive on the host (adapter)
> side. Is this possible or would you recommend another setup on the
> hardware raid?

RAID10 is something pretty obsolete and it has worse reliability
than RAID1 and the speed-advantage does not matter much today. 
Better use RAID1 with larger SSDs or RAID 6. 

BTW, you can meaningfully mix normal HDDS and SSDs in a Linux 
software RAID1 and you can use more than 2 drives in a RAID1 
under Linux software RAID. I have a page on how to do that here:


What I currently uses is one SSD and two notebook HDDs for 
important data in a 3-way RAID1 (on partition level, but 
works the same for full disks). Unless all three fail, the
data is good. Of course, I have backup. LUKS goes on-top
of that RAID. 

For reading, this is as fast as the SSD. Writes are buffered
in memory anyways. Unless you need high write-performance for
writes larger than the free memory, this is the ideal set-up.
> Thank you so much and again, I am very sorry for my stupid questions!

Don't worry. The only propblems are lazy questions where
people have not bothered to find things out. You obviously 


> I just want to make sure, that everything is considered!
> I will use ASCII character Set to setup the pass-phrase, that is clear.
> Thanks a lot to everyone!
> Best wishes!!!
> Susu
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

More information about the dm-crypt mailing list