[AktiviX-discuss] Setting up a server with encrypted partitions and swap
charlie at peopleandplanet.org
Tue Oct 3 10:27:22 UTC 2006
Gxi estis 2006-10-03 09:03 kaj tiele skribis aktivix-discuss-bounces at lists....
> I'm setting up a machine and want it to have encrypted partitions and swap.
> It running debian stable - and I'd prefer to stick with that rather than
> compile custom kernels and cryptotools, though if there is a compelling reason
> not to I'd certainly listen.
> I found this article http://www.shimari.com/dm-crypt-on-raid/ ( which seems
> quite recent )and have followed it pretty closely. ( Not exactly as my needs
> are not quite the same. )
> The server is only a single PIII 1Ghz with 1.5GB RAM - so its not the hottest
> thing on the block.
> Does anybody have any comments on the choice of algorithms and toold ( DM-Crypt
> and twofish ). I am a complete newb on these things.
Well, sounds like your setup would be able to handle most of the
algorithims available. The tradeoff will be in access time v's security.
AFAIK AES hasn't been properly compromised although there is an attack
methodology, so you'd probably want to use AES256. twofish is arguably
more secure, but newer, so maybe attacks just haven't been found yet -
its based on schnieir's work on blowfish (which in its 1995 form was
found to have weak keys) and serpent is also v.secure but probably a
little slower. Personally I'd use twofish.
On modern hardware once the crypted fs has been created (which may
be slow depending on size of partition - have a cup of tea whilst this
happens!) the main latency point will be access to large files
(multimedia, et al). If you're going to be mainly just running a
web/mail server on it I'd guess that network latency would be more of a
bottleneck than file access.
Charlie Harvey | perl -e '($I[say]x3);my $dog-="nose";
People & Planet | qw?how does he smell?;++$terrible;'
Shared Planet 2006: The future is yours.
3-5 November, Central London.
An inspirational event with 800+ students tackling issues of
poverty, human rights and the environment. Including George
Monbiot plus other speakers, dynamic workshops, stalls, film,
debates, a party and a MASSIVE carnival of climate chaos on the
For more info, ticket prices and bookings visit:
More information about the AktiviX-discuss