On Tuesday 10 January 2006 07:13, Cláudio Henrique <[EMAIL PROTECTED]> wrote about 'Re: [gentoo-user] LUKS':
> On 1/9/06, Richard Fish <[EMAIL PROTECTED]> wrote:
> > > If I used on any of my HDs, will I be able to update them?
> >
> > What do you mean?
>
> I mean updating my system (emerge -u world) once I put it on a
> cyphered partition.

Encrypted block devices are accessed just like normal block devices, once the encryption keys are in memory. You are only asked for your passphrase once, each time the block device is created [1]. Generally, this will only be during boot.

> I was worried if the algorithm would make all the blocks
> dependent on each other. So, if I lose one block, I'd be losing
> all the others.

That's not necessary, since each sector has a separate initialization vector. PlumbIV and CBC (along with the patent-encumbered CMC and EME) do make the blocks within a sector dependent on one another, which is good for resisting certain types of attacks.

> What about the performance, is it too different from plain partition
> usage?

I never noticed the difference when I was using aes-loop on a 2GHz laptop. That said, it will depend on the algorithm you choose and the CPU you have available. Also, I /think/ aes-loop was supposed to be faster than dm-crypt, but I believe the kernel's implementation of aes (and maybe other ciphers) has gotten faster since the last benchmarks I saw.

--
Boyd Stephen Smith Jr.
[EMAIL PROTECTED]
ICQ: 514984
YM/AIM: DaTwinkDaddy

[1] This choice of wording might be confusing. I am referring to when the block device is assigned a minor number and the dm mapping loaded into the kernel: creation of the block device. I am not referring to the initialization of the LUKS "superblock", when the passphrase and algorithm are chosen.

--
gentoo-user@gentoo.org mailing list
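
Added illustration, not part of the original message or of dm-crypt's code: a small model of per-sector CBC showing that a lost sector leaves the other sectors readable, while one changed plaintext byte alters every ciphertext block in its own sector. Assumptions: a toy 4-round Feistel cipher built on SHA-256 stands in for AES, the IV is simply the sector number, and all function names are hypothetical.

```python
import hashlib

BLOCK, SECTOR = 16, 512  # cipher block / disk sector size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # round function of the toy Feistel cipher (NOT secure)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def encrypt_sector(key, sector_no, data):
    prev, out = sector_no.to_bytes(BLOCK, "little"), b""  # IV = sector number (assumed)
    for i in range(0, SECTOR, BLOCK):
        prev = enc_block(key, _xor(data[i:i + BLOCK], prev))  # CBC chaining
        out += prev
    return out

def decrypt_sector(key, sector_no, data):
    prev, out = sector_no.to_bytes(BLOCK, "little"), b""
    for i in range(0, SECTOR, BLOCK):
        out += _xor(dec_block(key, data[i:i + BLOCK]), prev)
        prev = data[i:i + BLOCK]
    return out

def changed_cipher_blocks(key, sector_no, a, b):  # ciphertext blocks that differ
    ca, cb = encrypt_sector(key, sector_no, a), encrypt_sector(key, sector_no, b)
    return sum(ca[i:i + BLOCK] != cb[i:i + BLOCK] for i in range(0, SECTOR, BLOCK))

def demo():
    key = b"constructed demo key"
    plain = [bytes([n]) * SECTOR for n in range(4)]  # constructed sample data
    disk = [encrypt_sector(key, n, p) for n, p in enumerate(plain)]
    disk[2] = bytes(SECTOR)  # simulate losing sector 2
    lost = [n for n in range(4) if decrypt_sector(key, n, disk[n]) != plain[n]]
    return lost, changed_cipher_blocks(key, 0, plain[0], b"\xff" + plain[0][1:])

if __name__ == "__main__":
    print(demo())
```

Only sector 2 fails to decrypt, and all 32 blocks of sector 0 change when its first plaintext byte changes.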