Installing Debian; worth setting up encrypted LVM?

Discuss the security implications of the various flavors of linux and unix

Installing Debian; worth setting up encrypted LVM?

Post by missingLL on Thu Mar 27, 2014 8:58 pm
([msg=80052]see Installing Debian; worth setting up encrypted LVM?[/msg])

Hello all,
I am currently getting ready to install Debian on one of my computers and I can't decide if I want to setup the encrypted LVM. I do know I will be splitting into multiple partitions(not sure if that will make a difference).

How secure is the Debian encrypted LVM and how noticeable is any performance impairment?
Are there any better alternatives?
missingLL
New User
New User
 
Posts: 1
Joined: Thu Mar 27, 2014 8:52 pm
Blog: View Blog (0)


Re: Installing Debian; worth setting up encrypted LVM?

Post by 0phidian on Fri Mar 28, 2014 12:55 pm
([msg=80058]see Re: Installing Debian; worth setting up encrypted LVM?[/msg])

missingLL wrote:How secure is the Debian encrypted LVM and how noticeable is any performance impairment?
Are there any better alternatives?


As secure as the encryption algorithm it uses. I have never noticed any performance impact from using LVM, but it can make recovery much more difficult in the rare event you manage to screw up debian. I'm sure there are alternatives but I cant name any of the top of head.
User avatar
0phidian
Poster
Poster
 
Posts: 266
Joined: Sat Jun 16, 2012 7:04 pm
Blog: View Blog (0)


Re: Installing Debian; worth setting up encrypted LVM?

Post by cyberdrain on Sat Mar 29, 2014 10:32 pm
([msg=80070]see Re: Installing Debian; worth setting up encrypted LVM?[/msg])

Using multiple partitions you could also use TrueCrypt, though I don't know if full disk encryption on Linux works the same as in Windows or at all. Both TrueCrypt and dm-crypt/LUKS (using LVM) have proven themselves for security, though TrueCrypt includes hidden containers (plausible deniability) and dm-crypt/LUKS can use more encryption algorithms (might equal better protection). I know TrueCrypt can store the headers of the encrypted disk on a rescue volume in case the hard-disk gets corrupted. I don't know how or if dm-crypt/LUKS include those. It's a matter of personal choice really.

If you encrypt your home partition, but not the rest, you could leak data to the other partitions when running the OS, so don't do that unless you know what you're doing. Usually it's best to go all or nothing.
Free your mind / Think clearly
User avatar
cyberdrain
Contributor
Contributor
 
Posts: 834
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)



Return to *nix

Who is online

Users browsing this forum: No registered users and 0 guests