[ale] OT - SED drive compatibility

Beddingfield, Allen allen at ua.edu
Mon Sep 8 12:54:14 EDT 2014


I'm curious about why you would encrypt filesystems on servers, if you have control of physical access?  If the server is up and online, the drives would be decrypted, and the files would be accessible by any remote exploit.  I'm sure I'm missing a good reason for it, but I haven't had enough caffeine to fully get the brain cranked up today :D
--
Allen Beddingfield
Systems Engineer
The University of Alabama

________________________________________
From: ale-bounces at ale.org [ale-bounces at ale.org] on behalf of Jim Kinney [jim.kinney at gmail.com]
Sent: Monday, September 08, 2014 11:46 AM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] OT - SED drive compatibility

Using LUKS software encryption on a system with 15k RPM drives will be a
minimal hit on performance as long as there is adequate RAM and cores to do
the decryption. A single core is enough and the RAM needs are actually
small. A few blocks at a time are fed through for decrypt then passed to
buffers for use.

I use LUKS on EVERY public-facing server (and many internal-only systems).
The only big caveat is the need to have remote console so the password can
be entered for key decryption after a reboot.



