[dm-crypt] security concerns with RAID on top of dmcrpyt and with mulitple devices with the same key slot key?
Christoph Anton Mitterer
calestyo at scientia.net
Fri Jun 3 01:47:49 CEST 2016
I just wondered the following:
- Are there any security concerns (e.g. simplified statistical attacks
or whatever), when one places a RAID (e.g. btrfs RAID or MD RAID) on
top of dmcrypt devices?
- Are there any security concerns when different dm-crypt devices (with
different master-keys), e.g. ones that form a RAID as above, are
created with the same keyslot passphrase/key?
(Of course apart the obvious one, that one can decrypt all with the
If so, does it depend on the cipher/mode/etc? I'd use aes-xts-plain64.
I wouldn't think so, but just for confirmation...
Perhaps in addition:
As you can imagine the setup I'd like to do is e.g. something like n
physical devices, each holding a LUKS container (with different master
key, but all with the same keyslot key), on top of them some btrfs
RAID5/6 (should that ever get stable before I die ;-) )...
Probably I'll do LVM between dmcrypt and btrfs, because I'd actually
want to create two independent btrfs filesystems on top of dmcrypt.
Any performance or stability issues with such setup?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5930 bytes
Desc: not available
More information about the dm-crypt